uithing
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to run shell commands using the
ui-thingCLI (e.g.,init,add,prose,block,theme). These operations can modify the project's local filesystem, alter critical configuration files such asnuxt.config.*andpackage.json, and install external dependencies using package managers (npm, yarn, pnpm). - [DATA_EXFILTRATION]: Multiple files, including
SKILL.mdandcli.md, disclose a hardcoded absolute local filesystem path:/Users/baker/Desktop/ui-thing-cli. This reveals the local username and directory structure of the author's environment to the agent and potentially to the logs of the system running the skill. - [PROMPT_INJECTION]: The skill identifies a workflow for converting pasted React and shadcn source code into Vue/Nuxt components, which presents an attack surface for indirect prompt injection.
- Ingestion points: Untrusted external React, JSX, or TSX source code processed during the conversion workflow described in
references/react-conversion.md. - Boundary markers: The skill does not define specific delimiters or security instructions to prevent the agent from following malicious instructions potentially embedded within the provided source code snippets.
- Capability inventory: The agent is granted the ability to write new component files, modify existing project files, and execute CLI commands based on its analysis of the input code.
- Sanitization: There is no evidence of sanitization or structural validation for the external code before it is processed by the agent's logic.
Audit Metadata