uniapp-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown files and a license text. No executable scripts (.py, .js, .sh), binaries, or configuration files that trigger code execution were detected.
- Indirect Prompt Injection (LOW): The skill is designed to guide an agent in browsing and installing plugins from the external uni-app plugin market (ext.dcloud.net.cn). This creates a theoretical ingestion surface for untrusted data.
- Ingestion points: Plugin descriptions and contents from the external marketplace.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided templates.
- Capability inventory: The skill assists with plugin installation and project configuration.
- Sanitization: As an informational skill, no input sanitization logic is implemented.
Audit Metadata