uniapp-project-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted user input to drive high-privilege shell operations.
  1. Ingestion points: User project requirements and configuration options.
  2. Boundary markers: Absent in the provided skill instructions.
  3. Capability inventory: Command-line execution, file system modifications, and project initialization.
  4. Sanitization: Absent. A malicious user could provide a crafted project name to execute arbitrary commands.
- COMMAND_EXECUTION (HIGH): The core functionality relies on the agent running 'CLI commands' and 'one command creation' scripts. This capability allows for full system compromise if the agent's environment is not strictly sandboxed and the inputs are not validated.
- EXTERNAL_DOWNLOADS (LOW): The skill references official resources from DCloud and Vue. Per [TRUST-SCOPE-RULE], findings related to these specific external downloads are downgraded to LOW as they originate from established maintainers, although the subsequent execution of these tools remains a risk.
Recommendations
- AI detected serious security threats