ucharts
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends installing the
@qiun/uchartspackage via npm, yarn, or pnpm. This package does not belong to the list of verified 'Trusted External Sources' (such as Google, Microsoft, or Vercel). Users should verify the package authenticity on npmjs.com before installation to prevent supply chain attacks.- [NO_CODE] (INFO): The skill's logic heavily relies on external documentation files located inexamples/,api/, andtemplates/directories. These files were not provided for analysis, and their contents could potentially contain additional instructions or configurations that fall outside this security review.
Audit Metadata