hig-project-context
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the 'grep' utility to scan local project files for accessibility modifiers and attributes during the context-gathering phase.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from local project files, which could serve as an attack surface for indirect instructions.
  - Ingestion points: README.md, Package.swift, .xcodeproj, Info.plist, source code files, and Assets.xcassets.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Local file reading, file writing to '.claude/apple-design-context.md', and subprocess execution (grep).
  - Sanitization: No explicit sanitization or validation of extracted text is mentioned before document generation.
- [DATA_EXPOSURE]: Accesses local project configuration and source files (README, Info.plist, etc.) to extract design context, which is the primary intended function of the skill.
Audit Metadata