homekit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The content consists of educational documentation and Swift boilerplate for standard iOS development using HomeKit and MatterSupport frameworks.\n- [DATA_EXFILTRATION]: The skill demonstrates access to home automation hierarchies (accessories, services, and characteristics). This data access is managed via standard iOS permission prompts (
NSHomeKitUsageDescription) and is restricted to the application's legitimate context within the HomeKit database.\n- [PROMPT_INJECTION]: The skill documents how to ingest and display strings from the HomeKit environment (e.g.,accessory.name), which presents a surface for indirect prompt injection. Developers should treat these user-controllable strings as untrusted if they are used to influence agent logic.\n - Ingestion points:
SKILL.mdandreferences/matter-commissioning.md(accessory.name, service.serviceType, characteristic.value)\n - Boundary markers: None present in the documentation.\n
- Capability inventory: The skill enables reading and writing characteristic values (
readValue,writeValue) and executing grouped actions (HMActionSet)\n - Sanitization: No explicit sanitization or validation of strings is shown in the provided Swift UI code samples.
Audit Metadata