mobile-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill utilizes 'MANDATORY Checkpoints' and 'Yasak Listesi' (Forbidden List) to steer AI behavior. While these are prompt steering techniques, they are used to enforce development best practices and do not target safety filter bypass or role-play injection.
- [DATA_EXFILTRATION] (SAFE): No exfiltration patterns detected. The skill specifically includes security guidelines to prevent data exposure, such as advising against storing tokens in
AsyncStorageand suggestingSecureStoreorKeychaininstead. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard development tools (Flipper, Reactotron, Proxyman) and frameworks (Zustand, Redux). No malicious external script downloads or piped execution patterns (e.g., curl|bash) were found.
- [COMMAND_EXECUTION] (SAFE): Mentions standard mobile development and debugging commands such as
adb logcat,pod install, and./gradlew clean. These are legitimate and expected within the context of the skill. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill uses a 'CHECKPOINT' mechanism where it expects the AI to reflect on its work. While this is an ingestion point for untrusted user input, the skill itself provides the boundary markers and instructions to maintain quality, representing a low risk surface.
Audit Metadata