swift-wasm-porting
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's core function is to analyze and refactor external Swift source code and packages. It lacks any boundary markers or instructions to ignore embedded commands within the files it processes.
- Ingestion points: Workflow step 1 involves analyzing target Swift packages or files.
- Boundary markers: None present.
- Capability inventory: The skill is authorized to 'Implement the changes' (write to disk) and 'Build with the Wasm toolchain' (execute shell commands).
- Sanitization: None present.
- [Command Execution] (MEDIUM): The skill is explicitly instructed to 'Build and test' and 'Always attempt a Wasm build.' This requires the agent to execute shell commands, which could be subverted if an attacker influences the build configuration or source files.
- [Data Exposure] (LOW): The skill targets specific system directories (~/Library/Developer/Toolchains/). While typical for Swift development, this provides a known target path for any malicious instructions successfully injected into the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata