mobile-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill defines a development doctrine and contains no instructions to bypass safety filters or override system prompts.\n- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or sensitive file path access detected. The skill explicitly promotes the use of secure storage (Keychain/SecureStore) over insecure alternatives like AsyncStorage.\n- [Remote Code Execution] (SAFE): No suspicious remote script executions or unverified package installations found. Mentions of debugging tools (Flipper, Reactotron) are consistent with standard development practices.\n- [Indirect Prompt Injection] (LOW): The skill establishes an attack surface by reading untrusted project data via 'Read', 'Glob', and 'Grep' tools. 1. Ingestion points: File analysis of project source code. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, Glob, Grep. 4. Sanitization: Absent. While this is a vulnerability surface, the skill includes structured checkpoints to help the agent maintain context and reduce accidental obedience to embedded instructions.
Audit Metadata