hig-project-context
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads untrusted external data from README.md, Package.swift, .xcodeproj, Info.plist, and general project source code.
  - Boundary markers: There are no instructions for the agent to use delimiters or to ignore embedded instructions within these files.
  - Capability inventory: The skill has the capability to read any file in the project directory, execute shell commands (via grep), and write files (.claude/apple-design-context.md).
  - Sanitization: There is no mention of sanitizing or validating the content extracted from project files before it is processed or written back to the disk.
  - Risk: An attacker could place malicious instructions in a README.md or a code comment that the agent would then follow while attempting to 'configure project context', potentially leading to unintended file modifications or data exposure.
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to 'Grep for accessibility modifiers/attributes'. While useful for discovery, executing shell commands on untrusted source code can be leveraged if an attacker crafts filenames or file content to escape the grep command context.
Recommendations
- AI detected serious security threats
Audit Metadata