alloy-howtos
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation and configuration guide for the Titanium Alloy framework. All referenced resources, such as the tidev GitHub organization and the official NPM package registry, are legitimate and well-known in the mobile development community.
- [COMMAND_EXECUTION]: The skill includes reference documentation for Alloy and Titanium CLI commands used for project management. While the skill permits the agent to use the Bash tool with 'node' and 'alloy' prefixes, these capabilities are directly aligned with the intended purpose of managing and building Alloy-based applications.
- [EXTERNAL_DOWNLOADS]: Installation instructions guide the user or agent to fetch official framework components from trusted sources like the NPM registry and the tidev organization's public repository.
- [PROMPT_INJECTION]: Because the skill is designed to analyze project-specific code and configuration files (e.g., config.json, alloy.jmk), it carries an inherent attack surface for indirect prompt injection if those project files contain malicious instructions. No evidence of intentional vulnerability or bypass logic was found within the skill's own content.