unity-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions in `SKILL.md` directing the AI agent to "automatically" modify system configuration files when a user requests setup. This encourages the agent to bypass standard verification steps for sensitive file operations.
- [COMMAND_EXECUTION]: The `scripts/setup.sh` file executes shell commands and inline Python scripts to modify AI agent configuration files, including `~/.claude/settings.json`, `~/.codex/config.toml`, and `~/.gemini/settings.json`. Modifying these files is a sensitive operation as they define the agent's behavior and security boundaries.
- [EXTERNAL_DOWNLOADS]: The skill references and encourages the installation of an external Unity package from `https://github.com/CoplayDev/unity-mcp.git`. While intended for functionality, users should verify the contents of third-party repositories before installation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  - Ingestion points: Data enters the agent context via `read_console` (Unity logs) and `get_tests` results.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill has access to high-privilege tools including `Bash`, `execute_custom_tool`, and `manage_editor` across its toolset.
  - Sanitization: No evidence of sanitization or filtering of the Unity console output or test data before it is processed by the agent was found.
Audit Metadata