unity-vrc-skills-renovator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes an indirect prompt injection surface by instructing the agent to gather information from external web searches and incorporate it into the skill's knowledge base and validation logic.
- Ingestion points: Web search results gathered during Phase 2 as defined in `SKILL.md` and `references/update-checklist.md`.
- Boundary markers: Absent; there are no specific instructions to the agent to delimit or ignore potentially malicious instructions embedded in the search snippets.
- Capability inventory: The agent has the capability to read and write files within the repository (`Read`, `Glob`, `Write`) and perform web searches (`WebSearch`).
- Sanitization: No explicit sanitization or validation steps are defined for the content retrieved from the web before it is used to update internal files.
- [COMMAND_EXECUTION]: The skill involves the dynamic modification of executable validation hooks based on information retrieved from the web.
- Evidence: Phase 7b and 7c in `SKILL.md` and `references/update-checklist.md` instruct the agent to modify `validate-udonsharp.sh` (shell script) and `validate-udonsharp.ps1` (PowerShell script).
- Context: These scripts are described as "PostToolUse validation hooks" in `references/skill-structure.md`, implying they are executed by the environment. Modifying these scripts based on external SDK changes is a core part of the renovation process but introduces a pathway for logic changes in executable files.
Audit Metadata