migrate-nativewind-to-uniwind
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute shell commands for project maintenance, including uninstalling outdated packages (
nativewind,react-native-css-interop), installing new dependencies (uniwind,tailwindcss), and searching the codebase usingrg(ripgrep) to identify migration targets. - [EXTERNAL_DOWNLOADS]: The skill specifies downloading well-known libraries from official package registries and references external documentation hosted on the official
uniwind.devdomain. - [PROMPT_INJECTION]: The migration process requires the agent to read and process external project data, which introduces a surface for indirect prompt injection.
- Ingestion points: Project configuration files (
metro.config.js,babel.config.js,package.json) and source code discovered during search operations. - Boundary markers: Absent.
- Capability inventory: File system access (read/write) and shell command execution (
npm,rg). - Sanitization: Not applicable as the skill performs standard code transformations based on existing file content.
- [SAFE]: The identified behaviors, including file modifications and search commands, are strictly aligned with the skill's stated purpose of software migration. No indicators of data exfiltration, credential harvesting, or obfuscation were found.
Audit Metadata