unity-agentic-editor

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the unity-agentic-tools CLI to perform operations. The scripts/check-setup.mjs script uses execSync to run a static help command to verify the tool's availability.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from the Unity Editor (e.g., Hierarchy and UI snapshots) that could contain malicious instructions embedded by an attacker in scene objects or UI text.
      • Ingestion points: External data enters the agent context through snapshot commands like UnityAgenticTools.Util.Hierarchy Snapshot and UnityAgenticTools.Util.UI Snapshot.
      • Boundary markers: There are no explicit instructions or delimiters used to separate Unity project data from agent instructions or to warn the agent about potential embedded commands.
      • Capability inventory: The skill provides a high-privilege editor invoke command that can execute arbitrary static C# methods and properties within the connected Unity Editor session.
      • Sanitization: The skill does not perform any sanitization or validation of the content retrieved from the Unity Editor before presenting it to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 02:34 AM