macos-development
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to analyze and review user-provided code, screenshots, and application audits in files such as ui-review-tahoe/skill.md and coding-best-practices/skill.md. This represents a standard ingestion surface for untrusted data. Given the primary purpose is code review, this surface is expected. The agent's capabilities include file-writing (Write tool in app-planner/skill.md), but these are constrained to creating planning documents.
- Ingestion points: Code review requests, UI screenshots, and existing app audits.
- Boundary markers: Not explicitly defined in instructions, but common in agent frameworks.
- Capability inventory: Read, Write, Glob, Grep, WebFetch, AskUserQuestion.
- Sanitization: Relies on underlying LLM safety guardrails.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. Network operations (WebFetch) are intended for fetching developer documentation.
- Unverifiable Dependencies (SAFE): No external package managers (npm, pip) or remote script executions (curl | bash) are utilized. The skill provides code snippets for the user's reference only.
Audit Metadata