uniapp-plugin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data from the uni-app plugin market and possesses high-privilege write/execute capabilities.
- Ingestion points: Plugin metadata, descriptions, and installation scripts from
ext.dcloud.net.cn(mentioned in SKILL.md and documentation files). - Boundary markers: None. There are no instructions to delimit or ignore instructions embedded within the third-party plugin data.
- Capability inventory: SKILL.md explicitly claims the ability to 'Automatically install plugins', 'configure plugin settings', and 'integrate third-party plugins'. This implies file system modification and execution of installation logic.
- Sanitization: No sanitization or source verification logic is present to validate the safety of the downloaded code.
- [External Downloads] (MEDIUM): The skill facilitates downloading executable components from a non-whitelisted external registry (
ext.dcloud.net.cn). While this is a legitimate developer tool, it lacks integrity checks (hashes/signatures) for the remote content. - [Remote Code Execution] (HIGH): Automated installation of third-party plugins is functionally equivalent to remote code execution, as the agent is instructed to fetch and integrate external executable logic into the user's project environment.
Recommendations
- AI detected serious security threats
Audit Metadata