axiom-apple-docs-research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests fetching documentation from 'sosumi.ai', a third-party service. While intended for easier readability, it introduces a dependency on an untrusted external domain.
- [COMMAND_EXECUTION]: It provides specific shell commands (
ls -lt ~/Library/Caches/superpowers/browser/*/session-* | head -5) to allow the agent to locate and access tool-specific session data on the local filesystem. - [PROMPT_INJECTION]: The skill processes external content from WWDC transcripts and third-party documentation, which constitutes an indirect prompt injection surface.
- Ingestion points: Files are read from local cache directories and content is fetched from external web sources.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill definition.
- Capability inventory: The agent has access to browser navigation, shell command execution (directory listing), and file reading tools.
- Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata