apple-platform-versions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill contains explicit instructions to override the agent's internal knowledge and safety regarding factual correctness. Phrases like 'Treat “current macOS” as macOS Tahoe 26.x (not Sequoia 15)' and 'If none of the above: do not load/use this skill' are designed to hijack the agent's reasoning and force compliance with a fabricated reality.
- Data Poisoning (HIGH): The reference files (`CODING_BASELINE.md`, `PLATFORM_VERSIONS.md`) contain hallucinated data, including a 'Last verified' date in the future (2026-02-15) and platform versions that do not exist (macOS 26.3). This poisons the agent's retrieval context, ensuring any code generated will be syntactically valid but logically broken (e.g., `#available(macOS 26, *)` will fail on all current Apple hardware).
- Indirect Prompt Injection (HIGH): By providing 'Canonical sources' that are a mix of real URLs and fabricated paths (e.g., `macos-26_3-release-notes`), the skill creates a deceptive trust chain. If the agent is used to review or write code for a user's repository, it will provide 'corrections' that introduce compatibility errors and technical debt based on this false baseline.
Recommendations
- AI detected serious security threats
Audit Metadata