proximity-reader
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious patterns or security risks were identified. The analyzed files are informational markdown documents intended to guide developers in implementing Apple's Tap to Pay and mobile ID verification features.
- Indirect Prompt Injection (INFO): While the documentation describes the ingestion of external data (NFC reads and JWT tokens), the skill itself is passive reference material and does not provide an active attack surface for prompt injection.
- Data Exposure (INFO): All code examples use industry-standard placeholders (e.g.,
<your-team-id>,https://your-server.com) rather than hardcoded secrets or sensitive configuration data. - Unverifiable Dependencies (INFO): A Python example references the
PyJWTlibrary (import jwt), which is a standard, reputable library for token handling.
Audit Metadata