update-swiftui-apis
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the Sosumi MCP to fetch content from Apple's developer documentation (
developer.apple.com) and WWDC video transcripts. These are well-known and trusted technology sources. - [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh pr create) to automate the creation of branches and pull requests. This is a standard developer workflow tool used for its intended purpose within the skill's defined scope. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data (documentation and transcripts) which represents an attack surface for indirect prompt injection. However, since the primary data source is the official Apple developer portal and the processing logic is focused on structural API comparison, the risk is negligible.
- [DATA_EXPOSURE]: The skill reads local files within the
swiftui-expert-skillrepository to manage its reference list. No access to sensitive system paths or credentials was detected.
Audit Metadata