Unifi
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructions direct users to store their UniFi Controller username and password in plain text within a local JSON file (~/.claude/skills/Unifi/config.json). This allows any process or agent with read access to compromise the network controller.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It ingests data from external network devices which can be manipulated by attackers. 1. Ingestion points: Output from 'unifi-cli.ts clients' (hostnames) and 'unifi-cli.ts alerts'. 2. Boundary markers: Absent. 3. Capability inventory: Ability to execute shell commands via 'bun'. 4. Sanitization: No sanitization is mentioned for data retrieved from the controller. A malicious device on the network could set its hostname to a prompt injection string to hijack the agent's behavior.
- [COMMAND_EXECUTION] (MEDIUM): The skill functions by executing shell commands via the Bun runtime. While mapped to specific tasks, this provides a primitive for potential command injection if parameters are not strictly validated by the underlying TypeScript wrapper.
- [EXTERNAL_DOWNLOADS] (LOW): The setup process requires 'bun install', which downloads third-party packages from the npm registry, introducing a risk of dependency-based attacks.
Recommendations
- AI detected serious security threats
Audit Metadata