mobile-design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality technical guidance and actively promotes security best practices. It explicitly warns against storing sensitive data in insecure locations like AsyncStorage and provides instructions for using secure alternatives like Keychain and SecureStore.
- [COMMAND_EXECUTION]: The skill includes a Python script (`scripts/mobile_audit.py`) and allows the use of the `Bash` tool. This is a legitimate utility intended to perform static analysis on mobile source code to detect performance and UX issues.
- [INDIRECT_PROMPT_INJECTION]: The static analysis script (`scripts/mobile_audit.py`) presents an indirect prompt injection surface, as it reads and processes external source code.
  - Ingestion points: The script reads files in the target project directory through the `audit_file` and `audit_directory` functions.
  - Boundary markers: The output is formatted as a technical report, which helps distinguish scan results from instructions, though no explicit delimiters are used.
  - Capability inventory: The skill allows the `Bash`, `Read`, `Glob`, and `Grep` tools, providing the agent with the ability to execute the audit and read the project files.
  - Sanitization: The script performs regex-based scanning and does not execute or evaluate the content of the files it reads.
Audit Metadata