Skills
skills/coplaydev/unity-mcp/mcp-source/Gen Agent Trust Hub

mcp-source

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to run Git commands (git rev-parse, git remote) and find to locate project files. These commands are used solely for environment discovery related to the skill's primary purpose.\n- DATA_EXPOSURE (SAFE): The skill reads configuration from manifest.json and Git remotes. This data is processed locally to update package references and is not exfiltrated.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data from Git outputs and local project files. This represents a vulnerability surface, though the risk is low as the data is used for targeted string replacement within JSON files rather than as executable code.\n
  • Ingestion points: Git command output and manifest.json content (SKILL.md lines 41, 69).\n
  • Boundary markers: No explicit markers are used to delimit external data from the agent prompt.\n
  • Capability inventory: Bash for command execution, Read for file inspection, and Edit for manifest modification.\n
  • Sanitization: Includes logic to transform SSH-style URLs to HTTPS (SKILL.md line 45).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 06:50 AM