apple-targets
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the tool using npx skills and bunx create-target. It also includes numerous links to official Apple Developer documentation and WWDC session videos, which are well-known and trusted sources.
- [COMMAND_EXECUTION]: The skill documents standard development commands such as npx expo prebuild and bunx create-target. These are intended for local environment setup and project generation within the Expo ecosystem and are consistent with the skill's primary purpose.
- [DATA_EXPOSURE]: The guides correctly describe the use of App Groups and shared Keychains for inter-process communication between an app and its extensions. The examples use standard placeholders for server URLs and identifiers, following Apple's recommended security architecture.
- [PROMPT_INJECTION]: No patterns matching prompt injection or agent behavior override instructions were detected in the skill's markdown or documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill describes building components that process untrusted external data (e.g., SMS message filters, push notification service extensions). While this creates an attack surface in the resulting applications, the skill provides legitimate templates and architectural guidance for these standard platform features.
Audit Metadata