emrah-skills
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of external data via Swagger/OpenAPI specifications.
- Ingestion points: The skill prompts the agent to fetch and process an OpenAPI/Swagger specification from a user-provided URL in
SKILL.md. - Capability inventory: The agent has the capability to execute shell commands (e.g.,
bunx create-expo,npx expo install,bun add) and perform file system writes across the project structure. - Boundary markers: There are no explicit boundary markers or instructions telling the agent to treat the contents of the Swagger specification as data only and to ignore any natural language instructions embedded within it.
- Sanitization: The skill does not define any validation or sanitization steps for the fetched specification before the agent processes it to generate code.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of external development tools.
- Maestro CLI: The instructions suggest downloading the Maestro binary from the official
mobile-dev-incGitHub repository releases. This is a well-known service for mobile testing and is documented neutrally.
Audit Metadata