skills/ravnhq/ai-toolkit/localize-ios/Gen Agent Trust Hub

localize-ios

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Swift script named 'add_to_xcodeproj.swift' to integrate localization catalogs into the Xcode project. This execution relies on 'swift sh' being available on the system.
  • [REMOTE_CODE_EXECUTION]: The 'add_to_xcodeproj.swift' script uses 'swift-sh' to resolve and download the 'tuist/XcodeProj' library from GitHub at runtime. This process involves executing code downloaded from an external source during the skill's operation.
  • [EXTERNAL_DOWNLOADS]: The workflow encourages and facilitates the installation of the 'xcstrings-tool-plugin' from GitHub to provide compile-time safety for localization keys.
  • [PROMPT_INJECTION]: The skill processes local Swift source files to extract user-facing strings. This creates a surface for indirect prompt injection where malicious content in the source files could attempt to influence the agent's behavior during the extraction or key-generation steps.
      • Ingestion points: Swift source files specified by the user.
      • Boundary markers: None present.
      • Capability inventory: File system modification and command execution.
      • Sanitization: None observed in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 06:26 PM