uview-pro-vue3
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides templates for data ingestion that could be leveraged for indirect prompt injection if the resulting application processes untrusted user input without sanitization.
  - Ingestion points: examples/components/input.md, examples/components/form.md (components like u-input and u-form).
  - Boundary markers: Absent; the templates do not include specific instructions for the agent to ignore instructions embedded in user-provided data.
  - Capability inventory: examples/tools/http.md (network requests via request), examples/tools/intro.md (persistent storage via setStorage).
  - Sanitization: Absent; the skill focuses on UI implementation rather than data validation/sanitization logic.
- Unverifiable Dependencies (SAFE): The skill references the uview-pro package. While not on the specific 'Trusted Sources' list provided in the instructions, it is the primary subject of the skill and a widely used library in the uni-app ecosystem. The installation instructions (npm install uview-pro) are standard and expected for this use case.
- Data Exposure (SAFE): While examples/tools/http.md demonstrates how to add an 'Authorization' header, it uses a generic placeholder ('Bearer token') and does not contain hardcoded secrets or access to sensitive system paths.
Audit Metadata