swiftui-view-refactor

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The PostToolUse hook defined in the SKILL.md frontmatter is vulnerable to command injection. It uses jq to extract a file path and then pipes it to xargs -I{} sh -c. Because xargs performs a literal string replacement of {} within the shell command string, an attacker can craft a file name containing shell metacharacters (such as ;, `, or $()) to break out of the intended command and execute arbitrary shell instructions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted SwiftUI source code without sufficient isolation.
      • Ingestion points: The agent reads and refactors external .swift files as part of its primary workflow.
      • Boundary markers: Absent; the skill does not use XML-style tags or explicit 'ignore embedded instructions' warnings when interpolating file content into its context.
      • Capability inventory: The agent possesses the capability to execute shell commands via the PostToolUse hook and modify the local filesystem.
      • Sanitization: Absent; there is no validation or filtering of file names or content before they are processed by the shell-based hook or the agent's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 14, 2026, 06:02 PM