contacts-framework
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and code for using official Apple APIs for contact management. The implementation patterns are consistent with official documentation, including the requirement for user authorization and privacy-conscious data access. No suspicious command execution or unauthorized network activity was detected.
- [PROMPT_INJECTION]: The skill includes methods for reading user contact data, which constitutes an indirect prompt injection surface. Because the skill's purpose is framework documentation and it does not demonstrate unsafe processing or interpretation of this data, this is noted as an inherent risk of the data type rather than a vulnerability.
- Ingestion points: CNContactStore fetch and enumeration methods in SKILL.md and references/contacts-patterns.md.
- Boundary markers: Absent; the instructions do not explicitly caution about untrusted content within contact fields.
- Capability inventory: Contact modification logic (create, update, delete) using CNSaveRequest in SKILL.md.
- Sanitization: Absent; the examples demonstrate direct API handling of contact properties.
Audit Metadata