uniapp-plugin
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill facilitates the automatic installation of third-party plugins from the uni-app marketplace (ext.dcloud.net.cn), creating a vulnerability to Indirect Prompt Injection.
- Ingestion points: Untrusted data such as plugin descriptions, metadata, and configuration files from the marketplace enter the agent's context as part of the discovery and installation workflow.
- Boundary markers: The provided instructions lack any delimiters or 'ignore previous instructions' warnings when processing external plugin data.
- Capability inventory: SKILL.md explicitly lists 'auto-install plugins' and 'automatically install plugins into projects' as primary capabilities, which involve high-privilege filesystem modifications and potentially command execution.
- Sanitization: No sanitization, escaping, or validation of external content is defined in the skill documentation. This combination of external data ingestion and write-capable tools allows an adversary to control the agent's actions through malicious plugin listings.
Recommendations
- AI detected serious security threats
Audit Metadata