uniappx-project-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill uses npx degit to download project templates from the dcloudio/uni-preset-vue-x repository. This is a standard developer practice for scaffolding uni-app projects and targets the official repository of the technology provider.
- COMMAND_EXECUTION (SAFE): Includes standard Node.js and shell commands for project management (e.g., npm install, npm run dev). These are appropriate for the skill's purpose of creating and running development environments.
- INDIRECT PROMPT INJECTION (SAFE): The skill handles user-provided project names as variables in templates. While this is a common surface for injection, the skill acts as a static guide and template provider rather than an automated execution agent, posing minimal risk.
- SAFE (SAFE): Analysis of all 10 threat categories, including prompt injection, data exfiltration, and obfuscation, yielded no findings. The external links point to official documentation and reputable development resources (DCloud, Vue.js, TypeScript).
Audit Metadata