mapkit-geo
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The content consists of descriptive metadata and Swift code examples. No instructions designed to override agent behavior or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like SSH keys or environment files) were detected. Network operations are limited to standard OS-level geocoding APIs (CLGeocoder).
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyph-based evasion techniques are present in the code or metadata.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references 'GeoToolbox' and 'MapKit' as Swift frameworks. There are no commands for downloading external scripts or installing unverified packages from third-party registries.
- Privilege Escalation & Persistence (SAFE): The skill does not attempt to acquire administrative privileges or modify system startup configurations.
- Indirect Prompt Injection (SAFE): While the skill defines structures for processing location data (addresses and names), it lacks execution capabilities (like shell commands or file writes) that could be exploited via malicious data input.
Audit Metadata