ios-development

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The 'Self-Update Protocol' section instructs the agent to search the web for new iOS version announcements and 'update this skill file before proceeding.' This mechanism creates an Indirect Prompt Injection surface where malicious content from external websites could influence or modify the agent's core operational instructions.
      • Ingestion points: The agent is instructed to read content from web searches (Apple Developer News, WWDC videos, SwiftUI APIs) as described in the 'Self-Update Protocol' in SKILL.md.
      • Boundary markers: There are no specified delimiters or 'ignore embedded instructions' warnings for the data fetched from the web.
      • Capability inventory: The skill provides shell commands for building, testing, and archiving iOS apps via 'xcodebuild' (Part 8), which the agent would execute in its environment.
      • Sanitization: No sanitization or validation logic is provided to filter the content retrieved from the web before the agent uses it to 'update' its instructions.
  • [COMMAND_EXECUTION]: The skill provides templates for shell commands in 'Part 8: COMMON COMMANDS' (e.g., xcodebuild -scheme, xcodebuild test). While these are standard iOS development tools, they represent a capability for the agent to execute subprocesses in the host environment, which could be exploited if the agent is influenced by malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 04:51 AM