unity-asset
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill implements operations that modify the host file system. Tools like `asset_delete` and `asset_delete_batch` allow for the permanent removal of files within the project directory, while `asset_move` can rename or relocate them.
- [DATA_EXFILTRATION]: The `asset_import` and `asset_import_batch` tools accept a `sourcePath` parameter that can target any file on the local machine. This allows the agent to read and copy potentially sensitive data (such as configuration files or credentials) from the host system into the project environment if prompted with a malicious path.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via asset names and metadata returned by `asset_find` and `asset_get_info` (Ingestion points: SKILL.md). The skill lacks boundary markers or instructions to ignore embedded commands (Boundary markers: Absent). The skill possesses significant capabilities like file deletion and movement across all functions (Capability inventory: SKILL.md). No sanitization or validation of asset names or file paths is documented (Sanitization: Absent).
Audit Metadata