contacts-framework
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates access to sensitive user contact information, including names, phone numbers, and email addresses, using the native iOS CNContactStore. This access is guarded by standard iOS authorization procedures documented in the skill. No unauthorized network operations or exfiltration of this data were identified.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by documenting methods that read and process user-controlled contact properties.
  - Ingestion points: Contact data is ingested via CNContactStore.unifiedContacts and CNContactStore.enumerateContacts in SKILL.md, and via CNContactVCardSerialization.contacts in references/contacts-patterns.md.
  - Boundary markers: Not present. The provided examples include no delimiters and no instructions telling the agent to ignore instructions embedded within contact fields.
  - Capability inventory: The skill includes contact database write access (CNSaveRequest) but implements no network or subprocess capabilities.
  - Sanitization: None. Contact fields are handled as raw strings or objects without validation or escaping before display or storage.
Audit Metadata