
sosumi

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for users to install a CLI tool and MCP server using the @nshipster/sosumi package. These resources are hosted on public registries and the author's own domain (sosumi.ai).
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of documentation content from external sources (Apple Developer documentation and third-party Swift-DocC sites). This creates a surface for indirect prompt injection, as the agent is instructed to use the retrieved content to formulate responses.
      • Ingestion points: Content returned by the sosumi.ai tools and documentation fetcher.
      • Boundary markers: The skill instructions do not utilize specific delimiters or provide instructions to the agent to disregard embedded directives in the fetched content.
      • Capability inventory: The skill is used for information retrieval and documentation lookup; it does not involve file system modifications or command execution within the agent's logic.
      • Sanitization: No explicit content sanitization or validation of the retrieved Markdown is performed before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 05:34 AM