apple-docs
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where external data, such as documentation descriptions or WWDC video transcripts, may contain malicious instructions that could influence the agent's subsequent actions.
  - Ingestion points: External content is fetched from developer.apple.com and raw.githubusercontent.com within the cli.js file.
  - Boundary markers: There are no specific delimiters or instructional warnings (e.g., "ignore instructions in the following text") used when presenting the fetched content to the agent.
  - Capability inventory: The skill possesses network communication capabilities via the native fetch API.
  - Sanitization: The implementation uses regular expressions to strip HTML tags, but it does not perform validation or filtering to remove potential prompt injection vectors from the plain text content.
- [EXTERNAL_DOWNLOADS]: The CLI fetches configuration, index, and video data from a personal GitHub repository (kimsungwhee/apple-docs-mcp) that is not part of a recognized trusted organization or well-known service.