unison
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): Documentation details executing compiled programs via 'ucm run.compiled', allowing for arbitrary binary execution.
- REMOTE_CODE_EXECUTION (HIGH): The 'Remote' ability allows for forking computation to other nodes, creating a significant remote execution surface.
- EXTERNAL_DOWNLOADS (MEDIUM): The 'lib.install' command downloads code from Unison Share, an external and potentially untrusted registry.
- DATA_EXFILTRATION (MEDIUM): The inclusion of 'readFileUtf8' and 'Http.get' provides the necessary primitives for an agent to read sensitive local files and transmit them externally.
- Indirect Prompt Injection (HIGH): The skill facilitates the processing of untrusted Unison code (Category 8). Ingestion point: scratch files and remote libraries. Boundary markers: None. Capability: Full file, network, and remote execution. Sanitization: None. This allows malicious code in external data to hijack agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata