Skills
skills/pluginagentmarketplace/custom-plugin-swift/swift-macos/Gen Agent Trust Hub

swift-macos

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill includes bash scripts and instructions for executing macOS system tools like codesign, xcrun notarytool, and spctl. These commands are essential for the skill's primary purpose but involve high-integrity operations on the host system.
  • [CREDENTIALS_UNSAFE] (LOW): The notarize.sh script and SKILL.md snippets utilize environment variables such as $APP_PASSWORD and $APPLE_ID. While this avoids hardcoding secrets, it relies on the user to manage these sensitive credentials securely in their environment.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs legitimate network communication with Apple's notarization services using xcrun notarytool. An automated security alert flagged com.apple.sa as a phishing URL; however, this string is part of the standard macOS com.apple.sandbox identifier used in the troubleshooting section, indicating a false positive.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:17 PM