uniapp-ui
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script does not utilize any subprocess, os.system, or shell-related calls. It is limited to standard text processing and local file reading.
- [DATA_EXFILTRATION] (SAFE): There are no network-related functions (e.g., requests, urllib, sockets) present. The skill only reads from a local 'data' directory and outputs results to stdout.
- [REMOTE_CODE_EXECUTION] (SAFE): The implementation avoids dynamic code execution functions like eval() or exec(). All search queries are sanitized via regular expressions before indexing.
- [EXTERNAL_DOWNLOADS] (SAFE): No external dependencies are requested or installed. The skill relies entirely on the Python Standard Library (csv, pathlib, math, etc.).
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes CSV data which could technically contain instructions, the skill has no actionable capabilities (file writes, network, or command execution) that an attacker could exploit through the agent's context.
Audit Metadata