The Agent Skills Directory

[Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process untrusted external data (Unity project files like .asset, .prefab, and .meta) while possessing significant write capabilities.
Ingestion points: Uses grep_search and file reading to analyze existing project assets (mentioned in SKILL.md under 'Surgical YAML').
Boundary markers: None identified; the instructions do not specify delimiters to separate untrusted file content from the agent's internal logic.
Capability inventory: Possesses write_to_file, replace_file_content, and mcp_unityMCP_refresh_unity for modifying the project state and triggering asset registration.
Sanitization: No evidence of sanitization or validation of the content read from files before it is used to inform further replace_file_content operations.
[Command Execution] (MEDIUM): The 'Surgical YAML' workflow encourages project-wide replace_file_content based on search results. If the agent is misled by malicious data in a project file, it could be coerced into corrupting the project or injecting malicious scripts into C# source files.
[Dynamic Execution] (LOW): The 'Performance' workflow involves the agent manually constructing and writing Unity YAML files (.asset) to bypass the standard API. While common for bulk operations, this bypasses any validation logic inherent in the higher-level Unity API tools.

unity-so-prefab-manager