plain-talk-reportcard

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to perform a static audit of a local iOS/Swift codebase. It uses provided tools (Grep, Glob, Read) to analyze source code for common issues related to user experience, reliability, and security.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes content from the user's codebase (e.g., .swift files and CLAUDE.md). However, because the skill has no network access and requires manual verification of findings (Step 5), the risk is negligible and inherent to the tool's purpose.
  • [DATA_EXPOSURE]: The skill scans for hardcoded secrets (API keys, passwords) and insecure storage (UserDefaults) within the project files. This behavior is documented and aligns with the tool's goal of providing a security assessment. There is no evidence of data being transmitted outside the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 07:58 PM