uloop-execute-dynamic-code

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the uloop command-line utility to communicate with the Unity Editor. This is a vendor-provided tool used to bridge the AI agent with the local development environment.
  • [REMOTE_CODE_EXECUTION]: The core functionality relies on an execute-dynamic-code feature that compiles and runs C# snippets at runtime. This provides the agent with high-level control over the Unity project, equivalent to arbitrary code execution within the editor's process space. While the skill description lists 'Forbidden Operations' such as file I/O, these are natural language constraints and are not technically enforced at the execution level.
  • [PROMPT_INJECTION]: The skill is susceptible to instructions that could attempt to bypass the defined safety boundaries. A malicious prompt could instruct the agent to ignore the 'Forbidden Operations' list and use System.IO or other restricted APIs to access the local file system or exfiltrate data.
  • [DATA_EXPOSURE]: By allowing the agent to query the AssetDatabase and scene hierarchy, the skill can be used to extract sensitive project metadata, configuration details, or internal logic embedded within Unity components.
  • [REMOTE_CODE_EXECUTION]: (Vulnerability Surface Analysis)
      • Ingestion points: Untrusted data enters the execution context through the --code parameter, which is populated by the agent based on user tasks or processed files.
      • Boundary markers: There are no technical delimiters or sanitization routines to prevent a 'code escape' or to ensure that the generated C# snippet does not include malicious logic.
      • Capability inventory: The skill has access to the full UnityEditor and UnityEngine namespaces, allowing for deep modification of assets, scenes, and editor settings.
      • Sanitization: No validation or static analysis of the C# code is performed before execution; the system relies entirely on the model's adherence to the provided markdown instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 01:01 AM