ue5-plugin-dev
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill manages user-provided asset paths and command parameters. It mitigates potential injection risks by providing specific validation helpers and enforcing strict path prefix checks. 1. Ingestion points: The 'my_param' argument in the Python tool wrapper in 'src/ue_audio_mcp/tools/category.py'. 2. Boundary markers: The skill guide explicitly directs developers to use '_validate_asset_path' and provides a template that includes it. 3. Capability inventory: The skill leverages 'Bash', 'Write', and 'Edit' tools to automate code modifications and build processes. 4. Sanitization: Comprehensive sanitization logic is demonstrated in both C++ and Python templates, specifically checking for '/Game/' and '/Engine/' prefixes and rejecting path traversal ('..').
- Command Execution (SAFE): The skill executes local build and test scripts ('pytest', 'build_plugin.sh'). No external downloads or unauthorized command executions were found.
Audit Metadata