Skills
skills/partme-ai/full-stack-skills/uniappx-project/Gen Agent Trust Hub

uniappx-project

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • Obfuscation (INFO): File references/components/built-in/unicloud-db.md contains garbled text characters (Mojibake), likely due to a UTF-8 to Latin-1 encoding error during document conversion. Manual decoding confirms the text describes the unicloud-db component and contains no hidden malicious commands.
  • Indirect Prompt Injection (LOW): The skill provides instructions for components that process untrusted data, specifically web-view (remote URLs), rich-text (HTML), and uni.request (API responses). While this creates a broad attack surface for indirect prompt injection if the agent handles adversarial content, the provided code examples use safe practices (e.g., JSON.parse for data handling and encodeURIComponent for navigation) rather than dangerous ones like eval().
  • Data Exposure (SAFE): Examples in examples/api/network/ and examples/api/storage/ use standard placeholder strings (e.g., https://api.example.com, Bearer token123) for demonstration purposes. No real credentials or sensitive hardcoded data were found.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 01:24 AM