setup-fastlane

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill suggests and executes 'brew install fastlane'. While fastlane is a standard industry tool, it is an external dependency downloaded at runtime.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool for routine tasks such as checking for Xcode CLI, Homebrew version, and finding project files. These are standard operations for the skill's purpose.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill includes a 'curl | bash' command pattern for Homebrew installation within an error message string. This command is not executed automatically by the agent but is presented to the user as a manual instruction.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection by reading project metadata from local files using grep. Evidence: 1. Ingestion points: .pbxproj files via grep; 2. Boundary markers: Absent; 3. Capability inventory: Bash, Write, Edit, Read; 4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM