NYC

metal-shader-expert

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The skill uses the Bash tool restricted to xcrun, metal, and metallib. These are standard command-line utilities for the Metal development toolchain used to compile and link shader libraries.
  • [Indirect Prompt Injection] (LOW): This skill ingests untrusted data through its ingestion points, mcp__firecrawl__firecrawl_search and WebFetch, when researching SIGGRAPH papers and documentation. No explicit boundary markers or sanitization steps are mentioned. However, because the agent's capabilities are focused on generating specialized MSL code, the risk of a malicious instruction influencing the system via the LLM is low.
  • [Dynamic Execution] (LOW): The skill generates shader source code and compiles it at runtime using xcrun. While runtime compilation is typically a MEDIUM risk, it is the primary intended purpose of this skill (shader expertise) and is thus downgraded to LOW.
  • [Prompt Injection] (SAFE): No patterns of system prompt extraction, safety filter bypass, or role-play jailbreaks (e.g., DAN) were detected in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:14 PM