unity-game-loop
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The GameLoopController implementation performs dynamic type instantiation using strings from configuration assets. Evidence: SKILL.md (lines 102-108) and references/game-loop-scaffolds.md (lines 125-131). This allows execution logic to be driven by class names stored in ScriptableObjects. Risk is limited by interface validation.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection via game configuration data. 1. Ingestion points: GamePhaseConfig assets. 2. Boundary markers: Absent for class name strings. 3. Capability inventory: Activator.CreateInstance calls in GameLoopController. 4. Sanitization: Implementation validates that types implement the IGamePhase interface before instantiation.
Audit Metadata