uniappx-uview-pro

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install the uview-pro package via npm (npm install uview-pro) and references the official uView Pro plugin on the DCloud marketplace (ID: 24633). These are legitimate resources within the UniApp ecosystem.
  • [DATA_EXFILTRATION]: Examples in examples/integration/uniappx-api.md and examples/platform-specific/miniprogram.md demonstrate using uni.request to fetch data from external APIs (e.g., https://api.example.com/data). While these are standard development practices, they represent network operations to non-whitelisted domains.
  • [PROMPT_INJECTION]: (Category 8, Indirect) The skill demonstrates patterns for ingesting untrusted data which could serve as an attack surface for indirect prompt injection.
      • Ingestion points: Data enters the application context through uni.request in examples/integration/uniappx-api.md and through URL parameters processed via onLoad in examples/integration/navigation.md.
      • Boundary markers: None are present in the provided code templates to differentiate between data and instructions.
      • Capability inventory: The skill patterns utilize network (uni.request), local storage (uni.setStorage), and navigation (uni.navigateTo) APIs across various files.
      • Sanitization: The examples do not include logic for sanitizing or validating ingested external data before it is rendered or used in application logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 06:28 AM