uloop-execute-menu-item
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the uloop command-line utility. This tool is designed to trigger menu items and automate actions within a local Unity editor instance, such as creating objects, saving files, or opening settings.- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because the --menu-item-path parameter could be populated with untrusted data from external sources. An attacker could potentially craft content that tricks the agent into executing unintended Unity menu commands.
- Ingestion points: The --menu-item-path parameter defined in SKILL.md.
- Boundary markers: None present in the command template to distinguish untrusted data.
- Capability inventory: The skill can trigger any menu command available in the connected Unity editor, including destructive actions like 'File/New Project' or 'Edit/Delete'.
- Sanitization: No explicit sanitization or validation logic is provided in the skill instructions to verify the requested menu path.
Audit Metadata