sparkle-mac
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses persona-based instructions to guide the agent as a Sparkle framework expert but contains no bypass or safety override patterns.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Documents Sparkle's built-in system profiling feature which sends anonymous hardware and OS metadata to the update server. It provides guidance on configuring this feature and limiting the data sent via delegate methods. No unauthorized data exfiltration was detected.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: References the official Sparkle project GitHub repository and domains for package integration via SPM, Carthage, and manual methods. All domains are legitimate and belong to the trusted vendor.
- [PRIVILEGE_ESCALATION]: Mentions standard macOS authorization prompts and sudo usage for developer testing of the updater's installation capabilities and file ownership.
- [INDIRECT_PROMPT_INJECTION]: 1. Ingestion points: The skill provides tools for the agent to process appcast XML and release notes (HTML/Markdown) from developer-specified remote URLs. 2. Boundary markers: The skill highlights developer-side security protocols such as HTTPS and EdDSA signing for these sources. 3. Capability inventory: Facilitates update checking, archive downloading, and triggering installation processes. 4. Sanitization: Documentation notes that Sparkle disables JavaScript in release notes by default and allows developers to restrict permitted URL schemes.
Audit Metadata