unifi
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains aggressive directives designed to override the agent's operational autonomy. It uses phrases like 'MANDATORY SKILL INVOCATION', 'YOU MUST invoke this skill', and claims that failing to do so 'violates your operational requirements'.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting and processing untrusted data from the network.
  - Ingestion points: Data is fetched from the UniFi API in scripts/dashboard.sh, scripts/clients.sh, and scripts/alerts.sh (specifically hostnames, device names, and alert messages).
  - Boundary markers: There are no delimiters or 'ignore' instructions used when the retrieved data is interpolated into the agent's context.
  - Capability inventory: The skill executes shell scripts with network (curl) and filesystem access.
  - Sanitization: No sanitization or validation is performed on the data returned from the API before it is displayed or written to files.
- [COMMAND_EXECUTION]: The skill relies on shell scripts to perform all tasks. The scripts/unifi-api.sh file sources an external script at ~/.homelab-skills/load-env.sh, which is outside the skill's directory and its integrity cannot be verified by the skill itself.
- [COMMAND_EXECUTION]: The scripts/dashboard.sh script creates a local debug file dashboard_debug_dump.json containing a full dump of network data, which may lead to unintended local data exposure if the environment is shared.
Audit Metadata