design

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Data Exposure] (LOW): Hardcoded absolute file paths expose environment-specific details.
      • Evidence: Reference documentation points to /Users/ravishankar/Downloads/docs/ in SKILL.md.
      • Risk: Disclosure of the developer's local username ('ravishankar') and folder hierarchy.
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by reading from local documentation files with powerful file-manipulation tools enabled.
      • Ingestion points: Local documentation files (SwiftUI and AppKit design guides) referenced in SKILL.md.
      • Boundary markers: Absent. No delimiters or instructions to ignore embedded commands are included in the reference section.
      • Capability inventory: Read, Write, Edit, Glob, Grep, and AskUserQuestion.
      • Sanitization: Absent. The skill does not validate or sanitize the content of the referenced files before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 05:29 PM