axiom-apple-docs
Warn
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation from sosumi.ai, which is described as a third-party markdown mirror of Apple's official developer site. Content from this unverified external source is ingested directly into the agent's context.
- [DATA_EXFILTRATION]: The skill instructs the agent to read files from ~/Library/Caches/superpowers/browser/, a sensitive directory that contains browser session data and metadata.
- [DATA_EXFILTRATION]: The skill provides instructions to access internal application resources and documentation within /Applications/Xcode.app/ and its associated developer toolchains.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from external and local sources without sanitization or boundary markers. * Ingestion points: Local documentation files in Xcode.app and remote content from the sosumi.ai mirror. * Boundary markers: Absent; the instructions do not guide the agent to use delimiters or ignore embedded instructions within the documentation. * Capability inventory: File system reading (Read tool), network requests (WebFetch tool), and directory listing (ls command). * Sanitization: None; there is no evidence of filtering or validation of the content retrieved from these sources.
Audit Metadata