android-to-ios
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute a local Ruby script (`add_to_xcode.rb`) to register generated Swift files with the Xcode project. This is a functional requirement and uses a path within the plugin root.
- [Indirect Prompt Injection] (LOW): The skill ingests and analyzes external Android source code and local style guide files. This creates a surface for indirect prompt injection if those files contain adversarial instructions.
- Ingestion points: Path provided by user for Android codebase and `.claude/codebase-style.md`.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
- Capability inventory: File system read (Android/iOS files), File system write (iOS source files), and Shell command execution (Ruby script).
- Sanitization: No sanitization or validation of the ingested source code is performed before analysis.
Audit Metadata