app-clips
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains technical documentation and standard boilerplate code for iOS App Clip development.
- [EXTERNAL_DOWNLOADS]: Includes reference links to sosumi.ai for framework documentation. These are informational links for reference and do not involve executable code downloads or automated remote script execution.
- [SAFE]: The skill handles external data via NSUserActivity invocation URLs, creating a surface for indirect prompt injection. Ingestion points: The handleInvocation method in SKILL.md ingests data from activity.webpageURL. Boundary markers: Absent in the provided Swift snippets. Capability inventory: Utilizes FileManager and UserDefaults for local storage and migration in shared App Group containers within SKILL.md. Sanitization: No explicit validation is performed on URL parameters before use in UI logic, which is typical for routing examples.
Audit Metadata