screen-time-api-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to bypass AI safety filters or override system behavior. The guidelines provided are strictly architectural and implementation-focused.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths (e.g., SSH keys, AWS creds) or hardcoded credentials were detected. External URLs are restricted to trusted Apple Developer documentation domains.
- Remote Code Execution (SAFE): The skill does not contain any patterns for downloading and executing remote scripts. The included scripts (
check_required_sections.shandcheck_source_coverage.py) are benign local utilities for documentation maintenance. - Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyph-based obfuscation was found in the text or script files.
- Privilege Escalation (SAFE): No commands requiring elevated privileges (e.g.,
sudo) or modifications to system-level configurations were identified. - Indirect Prompt Injection (SAFE): While the skill references external project implementations (Project Alpha/Beta), it defines a clear 'evidence-first' model and validation checklists that mitigate the risk of accidental obedience to instructions embedded in processed project files.
Audit Metadata