entrig-ios
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill facilitates the integration of the Entrig iOS SDK into native iOS projects using Swift or SwiftUI. It provides appropriate guidance for standard SDK setup tasks like configuration and device registration.
- [EXTERNAL_DOWNLOADS]: Fetches the SDK from the official vendor repository on GitHub (github.com/entrig/entrig-ios.git) and references the official dashboard (app.entrig.com).
- [SAFE]: The skill promotes secure development practices by explicitly advising against hardcoding API keys and suggesting the use of configuration files or environment variables for secret management.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and modify untrusted data from the user's project files.
- Ingestion points: Project files such as
AppDelegate.swift,Info.plist, and Xcode project/workspace files are read during the "Pre-flight" and "Wire AppDelegate" steps to determine integration requirements. - Boundary markers: Absent. No specific delimiters or instructions are provided to the agent to treat file content as untrusted or to ignore instructions embedded within the files being read.
- Capability inventory: The skill uses file-read and file-write operations across the project filesystem to perform its integration tasks.
- Sanitization: Absent. Content read from the project files is processed directly by the agent without sanitization, though the skill mandates showing code diffs to the user before applying changes, which serves as a manual review checkpoint.
Audit Metadata