Unifi
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires users to store UniFi controller credentials, including username and password, in a plaintext file (
config.json). - Evidence:
SKILL.mdandconfig.example.jsoninstruct the user to provide and save real credentials in the local skill directory. - [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection risk (Category 8). The skill ingests untrusted data from the network environment which can influence agent behavior.
- Ingestion points:
clients(hostnames),alerts(log messages/events), anddevices(device names) commands inunifi-cli.ts. - Boundary markers: Absent. No instructions are provided to the agent to sanitize or ignore embedded instructions in the network data.
- Capability inventory: The agent has shell execution capabilities via
bunand network access via the controller API. - Sanitization: None documented; the agent parses and presents results directly to the user/context.
- Risk: An attacker on the network could change a device's hostname to a malicious prompt injection payload, which the agent would then process and potentially obey.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides the agent with a list of CLI commands to execute on the host system using the
bunruntime. - Evidence:
SKILL.mdprovides explicitbun ~/.claude/skills/Unifi/unifi-cli.ts <command>templates. - [EXTERNAL_DOWNLOADS] (LOW): The skill downloads external dependencies during setup.
- Evidence:
package.jsonrequiresnode-unififrom the npm registry. Whilenode-unifiis a standard community package, it is an external dependency that executes during runtime.
Recommendations
- AI detected serious security threats
Audit Metadata