native-app-profiling
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions found that attempt to bypass AI safety filters, override system prompts, or extract system instructions.
- DATA_EXFILTRATION (SAFE): The skill does not perform network operations or access sensitive directories like SSH keys or AWS credentials. File operations are restricted to temporary trace files in /tmp/.
- COMMAND_EXECUTION (SAFE): Commands utilize standard Apple developer utilities for their intended purpose. While the documentation notes that some operations might require sudo, this is a standard requirement for system-level profiling and is not used to perform unauthorized privilege escalation.
- EXTERNAL_DOWNLOADS (SAFE): The skill does not download external packages or execute remote scripts. All tools referenced (xctrace, xcrun, vmmap, atos) are part of the standard macOS/Xcode toolchain.
- INDIRECT_PROMPT_INJECTION (LOW): The skill provides command templates that take user-provided arguments like process IDs or application names.
  - Ingestion points: User-provided , , and paths.
  - Boundary markers: None (standard CLI templates).
  - Capability inventory: Shell command execution via xctrace and vmmap.
  - Sanitization: Relies on the agent's reasoning to sanitize inputs before command construction. Severity is LOW as this is inherent to CLI helper skills.
- OBFUSCATION (SAFE): The content is clear markdown with no hidden characters, Base64 encoding, or homoglyphs.