unity-physics
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill metadata establishes a high-risk capability surface for indirect prompt injection. 1. Ingestion points: Untrusted content can be fetched via WebFetch or read from files using Read/Grep (SKILL.md). 2. Boundary markers: There are no instructions or delimiters to isolate processed content from system instructions. 3. Capability inventory: The agent is granted Bash and Write tools, allowing for shell command execution and filesystem persistence/modification. 4. Sanitization: No logic is provided to sanitize or validate external inputs.
- Privilege Escalation (MEDIUM): The inclusion of the Bash tool for a physics implementation skill violates the principle of least privilege, as Unity physics tasks are typically handled via C# scripting and do not require raw shell access.
- External Downloads (LOW): The WebFetch tool is enabled in the metadata; while no specific malicious downloads are present in the provided files, the capability exists without restrictions.
Recommendations
- AI detected serious security threats
Audit Metadata