axiom-apple-docs

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation from sosumi.ai, which is described as a third-party markdown mirror of Apple's official developer site. Content from this unverified external source is ingested directly into the agent's context.
  • [DATA_EXFILTRATION]: The skill instructs the agent to read files from ~/Library/Caches/superpowers/browser/, a sensitive directory that contains browser session data and metadata.
  • [DATA_EXFILTRATION]: The skill provides instructions to access internal application resources and documentation within /Applications/Xcode.app/ and its associated developer toolchains.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from external and local sources without sanitization or boundary markers. * Ingestion points: Local documentation files in Xcode.app and remote content from the sosumi.ai mirror. * Boundary markers: Absent; the instructions do not guide the agent to use delimiters or ignore embedded instructions within the documentation. * Capability inventory: File system reading (Read tool), network requests (WebFetch tool), and directory listing (ls command). * Sanitization: None; there is no evidence of filtering or validation of the content retrieved from these sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 08:09 PM
Security Audit — agent-trust-hub — axiom-apple-docs