localize-ios
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Swift script (add_to_xcodeproj.swift) using swift sh to automate project file modifications. This is an expected behavior for an automation tool of this type.
- [EXTERNAL_DOWNLOADS]: The add_to_xcodeproj.swift script fetches the XcodeProj library from the tuist organization on GitHub. This is a well-known and trusted library for managing Xcode projects.
- [REMOTE_CODE_EXECUTION]: The skill recommends the installation of the xcstrings-tool-plugin from a third-party GitHub repository to enable type-safe localization. This is a common practice in the iOS community and is initiated by the user.
- [DATA_EXFILTRATION]: The skill reads Swift source files and project metadata to identify localization candidates. No network exfiltration or access to sensitive system files was detected.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection from the Swift files it processes. This risk is mitigated by the requirement to present all extracted strings to the user for review and confirmation before any modifications are made.
Audit Metadata