musickit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide for using official Apple developer frameworks (MusicKit, MediaPlayer, and AVFoundation).
- [SAFE]: No signs of prompt injection, obfuscation, or malicious intent were found in the instructions or code snippets.
- [SAFE]: All described network operations utilize official Apple APIs for catalog access and do not involve unauthorized data exfiltration or connections to suspicious domains.
- [SAFE]: The skill promotes security best practices by instructing developers to correctly configure entitlements, request user permissions, and provide mandatory usage descriptions in the app's Info.plist.
- [PROMPT_INJECTION]: The skill includes patterns for ingesting data from the Apple Music catalog (e.g., search results). While this technically constitutes a surface for indirect prompt injection via track metadata, the potential impact is negligible as the available capabilities are restricted to media playback and library management. No evidence of active exploitation or malicious design was found.
- Ingestion points: MusicCatalogSearchRequest results in SKILL.md and references/musickit-patterns.md
- Boundary markers: Absent
- Capability inventory: Music playback controls (ApplicationMusicPlayer), library management (MusicLibrary.shared.add)
- Sanitization: Absent
Audit Metadata