arkit-visionos-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The skill contains instructional content directed at an AI agent to help it act as a developer assistant. No attempts to bypass safety filters, extract system prompts, or override agent constraints were found. Natural instructional language is used appropriately for its stated purpose.
- DATA_EXFILTRATION (SAFE): There are no hardcoded API keys, tokens, or sensitive file paths. The code samples utilize standard Apple ARKit APIs which operate within the visionOS security sandbox and require explicit user authorization (e.g., NSHandsTrackingUsageDescription).
- OBFUSCATION (SAFE): No encoded strings (Base64), zero-width characters, homoglyphs, or other obfuscation techniques were detected in the markdown or code samples.
- REMOTE_CODE_EXECUTION (SAFE): The skill does not contain any commands for downloading or executing remote scripts (e.g., curl|bash). All code provided is for local development in Swift/Xcode.
- INDIRECT_PROMPT_INJECTION (SAFE): While the skill describes data providers that ingest external data (Barcodes, Camera Frames, Images), the skill itself consists of static documentation. It does not provide a runtime tool that processes untrusted data within the agent's context.
Audit Metadata