unocss
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill documents features that allow the agent to fetch content from arbitrary URLs for the purpose of class extraction (e.g., async () => (await fetch('...')).text()). This represents an ingestion point for untrusted data that could potentially influence agent behavior if not sanitized.
  - Evidence Chain:
    - Ingestion points: references/core-extracting.md (via fetch in content.inline).
    - Boundary markers: None specified for external content.
    - Capability inventory: The skill is designed to generate CSS based on extracted content.
    - Sanitization: None specified for the fetched content.
- [Dynamic Execution] (LOW): UnoCSS relies on JavaScript/TypeScript configuration files that use dynamic rules and custom extractor functions. This is a standard architectural feature for CSS-on-demand engines, allowing for runtime logic during the build process.
- [External Downloads] (LOW): The documentation includes references to external CDNs for browser-based icon loading (e.g., https://esm.sh/) and font providers (Google, Bunny). These are standard industry sources for web development assets.
- [Command Execution] (SAFE): Package management commands like pnpm add are provided for installation and integration with frameworks like Nuxt and Vite. These are standard developer operations.
Audit Metadata