create-watchos-version
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted project data (e.g., framework names, project structure) to perform web searches and generate implementation plans. An attacker could embed instructions in project files to manipulate the search terms or the final plan. * Ingestion points: Phase 1 explicitly scans project root files like Package.swift and Info.plist. * Boundary markers: There are no instructions to use delimiters or ignore embedded commands. * Capability inventory: The skill utilizes web searching and text generation. * Sanitization: No sanitization of project data is performed before interpolation.
- NO_CODE (SAFE): Analysis confirms that the skill contains no executable scripts (e.g., .py, .js, .sh) or compiled binaries. It consists entirely of markdown-based instructions, reference tables, and templates for the AI agent to follow.
Audit Metadata