uni-helper
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install multiple packages from the
@uni-helperscope on NPM and usenpm create uni@latestfor project scaffolding. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Reads local project file structures (e.g.,
src/pages,src/layouts) and Single File Component (SFC) content via Vite plugins (plugin-pages.md,plugin-layouts.md). - Boundary markers: Not present; the documentation does not specify delimiters or validation for the content being processed from the filesystem.
- Capability inventory: The documented tools are capable of writing to the local filesystem (generating
pages.json,manifest.json, and.d.tsfiles) and initiating network requests via theuni-networklibrary. - Sanitization: Not present; no explicit sanitization of filesystem input before configuration generation is described.
- [METADATA_POISONING]: There is a minor discrepancy between the skill author context ('Sonvee') and the author specified in the skill's YAML metadata ('FlippeDround').
Audit Metadata