Skills
skills/hatayama/unity-cli-loop/uloop-execute-menu-item/Gen Agent Trust Hub

uloop-execute-menu-item

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a mechanism to execute arbitrary menu items in the Unity Editor through the uloop CLI tool.
  • Evidence: uloop execute-menu-item --menu-item-path "<path>" usage defined in SKILL.md.
  • Scope: The tool can trigger standard editor actions (save, build) as well as custom scripts defined within the Unity project.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8).
  • Ingestion points: The --menu-item-path parameter in SKILL.md which accepts external string input that may be derived from untrusted project files or documentation.
  • Boundary markers: Absent; there are no delimiters or specific instructions to the agent to validate or treat the path string as raw data.
  • Capability inventory: Subprocess execution of the uloop command which impacts the Unity editor state and environment.
  • Sanitization: Absent; the skill definition does not describe any validation or escaping mechanisms for the input parameters.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:16 AM