unity-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the Unity MCP plugin from the official Anthropic GitHub repository (github.com/anthropics/unity-mcp), which is a recognized trusted source.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. Ingestion points: The agent reads scene hierarchies and console logs from the Unity Editor. Boundary markers: No specific delimiters or instructions to ignore embedded commands in scene data are provided. Capability inventory: The agent has the ability to create, delete, and modify GameObjects and assets. Sanitization: No data validation is performed on inputs retrieved from the editor.
Audit Metadata