swift-macos
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references downloading and installing the
swiftlytoolchain manager fromswift.organd various dependencies through the Swift Package Manager. These are well-known and official sources for Swift development. - [COMMAND_EXECUTION]: Provides instructions and examples for using command-line tools such as
xcodebuild,notarytool, andstaplerfor application distribution, as well astccutilfor managing system permissions during development. It also includes a local validation script inpackage.json. - [DATA_EXFILTRATION]: Documents the use of
ScreenCaptureKitandAVFoundationfor capturing screen content, application audio, and microphone input. While these are core features of the documented framework, they represent a sensitive data access surface. - [PROMPT_INJECTION]: Documents the
Foundation Modelsframework for on-device AI, which creates an indirect prompt injection surface as it teaches building apps that process LLM-generated content. - Ingestion points:
references/foundation-models.mdusesLanguageModelSession.respond(to:)to process arbitrary text. - Boundary markers: Absent in the provided code snippets.
- Capability inventory: The skill covers extensive system capabilities including file system access (
references/system-integration.md) and shell command execution (references/distribution.md). - Sanitization: No explicit sanitization or validation of LLM output is demonstrated in the examples.
Audit Metadata