Skills
skills/unifuncs/skills/unifuncs-reader/Gen Agent Trust Hub

unifuncs-reader

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (read.py) to interact with the UniFuncs API. This is the primary intended function of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.unifuncs.com to fetch content from user-provided URLs. This is part of the expected service functionality provided by the vendor.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external URLs. While the skill extracts content using AI-powered extraction, the risk is mitigated as the content is returned to the agent as text/markdown for processing rather than being directly executed as instructions.
  • Ingestion points: URL content is fetched via urllib.request in read.py.
  • Boundary markers: None explicitly implemented in the script output; the agent receives raw content.
  • Capability inventory: The script performs network POST requests and reads environment variables.
  • Sanitization: The script performs basic URL format validation using urllib.parse.urlparse.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 09:36 AM