uview-pro-vue3
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill provides instructions to install the uview-pro package using npm, yarn, and pnpm. While this is a common procedure for library documentation, the package is not hosted in a repository or organization identified as a 'Trusted External Source' (such as Google, Microsoft, or Vercel). The integrity and security of the package must be verified independently before use.
- [Indirect Prompt Injection] (LOW): The skill defines a significant attack surface by instructing the agent to ingest content from various local directories (examples/, api/, templates/) to fulfill user requests.
  - Ingestion points: Files located in examples/components/, examples/tools/, api/, and templates/ folders.
  - Boundary markers: Absent. The skill does not define specific delimiters or warnings to ignore instructions embedded within the loaded documentation or templates.
  - Capability inventory: No active capabilities such as subprocess execution, file writing, or network operations are present in the provided skill manifest. The risk is currently limited to influencing agent reasoning or output formatting.
  - Sanitization: Absent. There is no evidence of validation or filtering for content retrieved from the referenced directories.