apple-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest external data (documentation and transcripts) from developer.apple.com. While this creates a theoretical surface for indirect prompt injection, the risk is negligible due to the trusted nature of the data source.
  - Ingestion points: Remote documentation and video transcripts are fetched from developer.apple.com.
  - Boundary markers: No boundary markers or 'ignore' instructions are visible in the provided documentation or data files.
  - Capability inventory: Based on the README, the skill performs network fetches and displays content; no dangerous shell execution or write capabilities were described in the documentation search tools.
  - Sanitization: No sanitization or escaping logic could be verified as the source code (cli.js) was not provided.
- No Executable Code (SAFE): The analysis set contains only Markdown documentation and JSON data files. The primary logic files mentioned in the documentation (cli.js and build-wwdc-index.js) were not included in the provided file list. The static data indices for WWDC sessions (2014-2025) contain no malicious patterns, obfuscation, or encoded commands.
Audit Metadata