abtesting-mobile
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references standard SDKs from well-known providers including Google Firebase and Optimizely. These are integrated using platform-standard package managers like CocoaPods, Gradle, and NPM.
- [COMMAND_EXECUTION]: The skill provides instructions for using official CLI tools for Firebase, Optimizely, and Statsig to fetch and update remote configurations.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to fetch and process configuration data from external services, which could potentially contain malicious instructions if the source is compromised.
  - Ingestion points: Data is fetched from Firebase Remote Config, Optimizely, and Statsig APIs as described in SKILL.md.
  - Boundary markers: No specific delimiters or warnings are implemented in the provided usage patterns.
  - Capability inventory: The skill utilizes CLI commands and network API calls to manage remote configurations.
  - Sanitization: The instructions do not describe validation or sanitization of the fetched JSON parameters.
Audit Metadata