ue5-gamedev

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions and examples for executing Python code remotely within the Unreal Engine editor using the Python Editor Script Plugin on port 30010.
  • [COMMAND_EXECUTION]: Includes functionality to execute arbitrary console commands through the Unreal Engine Remote Control API, specifically via the ExecuteConsoleCommand function.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of several community-maintained packages and tools from non-verified sources, including unreal-engine-mcp-server via NPM and upyrc via PyPI.
  • [EXTERNAL_DOWNLOADS]: Directs users to multiple external GitHub repositories (e.g., ChiR24, chongdashu, appleweed, ayeletstudioindia) to download and install additional MCP servers and integrations.
  • [COMMAND_EXECUTION]: Provides capabilities for performing system-level actions such as triggering project builds and importing assets from external network paths.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes data from an Unreal Engine environment (such as property values, metadata, and project files), which could contain adversarial instructions.
    • Ingestion points: Reads Unreal Engine project files, C++ source code, asset properties, and editor output.
    • Boundary markers: None identified in the provided instructions.
    • Capability inventory: Can execute console commands, run Python scripts, trigger builds, and modify project assets.
    • Sanitization: No explicit sanitization or validation of data retrieved from the editor is documented.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 10:14 PM