ios-developer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted external data (requirements, designs, and API documentation) and transform it into executable code and automation workflows.
- Ingestion points: Processes user-provided app specifications and external resource files (e.g., resources/implementation-playbook.md).
- Boundary markers: Absent. There are no instructions to the agent to distinguish between its own system instructions and instructions potentially embedded within user-provided project documentation.
- Capability inventory: The skill generates production-ready Swift code, network configurations (URLSession/Combine), and sensitive automation scripts (Fastlane, GitHub Actions, Xcode Cloud).
- Sanitization: Absent. The agent does not verify the intent of instructions found within design documents before translating them into code logic.
- Command Execution (LOW): The skill explicitly masters automation tools like Fastlane and CI/CD pipelines. While these are standard in the domain, the generation of shell-executable automation logic based on external requirements carries an inherent risk of command injection if the agent is not instructed to sanitize inputs.
Recommendations
- AI detected serious security threats