bootstrap-swift-package
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on local shell scripts (
scripts/bootstrap_swift_package.sh) and Python scripts (scripts/customization_config.py) to automate development tasks. These scripts execute system-level commands includingswift,git, andfind. - [COMMAND_EXECUTION]: The
bootstrap_swift_package.shscript performs dynamic code generation by programmatically patchingPackage.swiftwith Swift code snippets based on user-selected platform presets and version profiles. This resulting file is subsequently compiled and executed viaswift buildandswift test. - [PROMPT_INJECTION]: The skill implements an 'Interactive Customization Flow' which permits modification of the skill's own instructions (
SKILL.md) and runtime scripts through natural language interactions. This provides a surface for indirect prompt injection. Ingestion points: Customization requests entering via the interactive flow described inSKILL.md. Boundary markers: Absent for customization input. Capability inventory: File writing (target.write_text), shell script execution (scripts/bootstrap_swift_package.sh), and compiler invocation (swift build). Sanitization: No explicit sanitization or validation logic is defined for the customization process, relying on the agent's interpretation of natural language requests. - [SAFE]: Configuration data is stored locally within the user's home directory (
~/.config/gaelic-ghost/...) using standard paths, and the skill does not perform unauthorized data exfiltration or external network requests.
Audit Metadata