migrate-nativewind-to-uniwind
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line tools for package management (npm, yarn, bun) to install uniwind and remove legacy dependencies. It also suggests using rg (ripgrep) to identify specific code patterns that require manual updates during the migration.
- [EXTERNAL_DOWNLOADS]: The skill references several external packages from public registries, including the vendor-owned uniwind library and common dependencies like tailwindcss, tailwind-merge, and clsx. It also includes a link to the vendor's documentation for additional context.
- [PROMPT_INJECTION]: The skill uses formatting labels like 'CRITICAL' and 'IMPORTANT' to ensure the agent follows specific migration steps. It processes local project files which creates a potential indirect prompt injection surface; however, no malicious patterns were detected and this behavior is required for the migration process.
Audit Metadata