unreal-bp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The skill enables the execution of internal Python scripts (e.g., scripts/scan_project.py) via the Bash tool to perform project indexing and database generation. This involves script execution as a primary functional capability.
- Indirect Prompt Injection (LOW): The skill parses data from external Unreal Engine project files, creating a surface for potential indirect prompt injection.
  - Ingestion points: Project assets like Blueprints and MetaSounds are scanned using provided scripts and MCP tools.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious embedded content during asset processing.
  - Capability inventory: The skill includes tools for script execution and direct interaction with the Blueprint API.
  - Sanitization: Extracted data from the project assets is not explicitly sanitized or validated before being presented to the agent's context.
Audit Metadata