swift-accessibility
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant risk of indirect prompt injection. Ingestion points: The skill globs and reads project source files (SKILL.md Phase 1). Boundary markers: No delimiters or isolation instructions are provided when processing code content. Capability inventory: The skill modifies files using the 'Edit' tool and creates new XCTest files (SKILL.md Phase 3-4). Sanitization: No sanitization is performed on processed content. Attackers could embed malicious instructions in Swift comments to manipulate agent behavior during the automated fix process.
Recommendations
- AI detected serious security threats
Audit Metadata