ios-platform
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions and code templates for standard iOS development tasks.
- [CREDENTIALS_UNSAFE]: While the skill handles authentication tokens, it explicitly follows security best practices by recommending and implementing storage in the iOS Keychain rather than insecure locations like UserDefaults. It uses the standard Apple 'Security' framework for these operations.
- [DATA_EXFILTRATION]: Network operations are confined to standard API interactions using URLSession. The implementation includes logic for token-based authentication and refresh, which is standard for mobile applications. No suspicious network destinations or unauthorized data collection patterns were found.
- [INDIRECT_PROMPT_INJECTION]: The skill implements deep link resolution, which involves processing external data (URLs). However, it uses a robust mitigation strategy by mapping these URLs to a type-safe 'AppRoute' enum, ensuring that external input can only trigger a predefined set of internal application states and preventing arbitrary execution or navigation.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. The skill generates compile-ready Swift code for local development. References to external sources are limited to official Apple Developer documentation and WWDC sessions.
- [COMMAND_EXECUTION]: The skill's metadata allows the use of 'Bash' specifically scoped to 'swift:*' commands. This is consistent with its purpose as an iOS development assistant, likely used for checking code syntax or project configuration.