ios-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Memory Protocol' in SKILL.md that reads from .claude/context/memory/learnings.md using the Bash tool, creating an indirect prompt injection surface.
- Ingestion points: .claude/context/memory/learnings.md (read via cat).
- Boundary markers: Absent.
- Capability inventory: Bash, Write, Edit, Read, Grep, and Glob tools.
- Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill is granted access to the Bash tool and is instructed to execute shell commands to manage its internal state. This capability increases the risk of command injection if the content being processed or stored in the memory file is malicious.
Audit Metadata