stream-swift
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes restricted Bash commands to perform project environment detection (e.g., searching for .xcodeproj or Package.swift) and to interact with the official Stream CLI. These operations are limited to necessary integration tasks such as generating user tokens and retrieving API keys from the user's authorized environment.
- [EXTERNAL_DOWNLOADS]: Instructions and blueprints reference official Stream repositories on GitHub for installing SDK dependencies via Swift Package Manager. These URLs target trusted vendor-owned infrastructure and do not include scripts executed via insecure remote execution patterns.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill reads and processes local project files to determine the integration path.
  - Ingestion points: SKILL.md (Project signals), builder.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are used when reading files like Package.swift.
  - Capability inventory: The agent has access to Write, Edit, and Bash tools across multiple integration scripts.
  - Sanitization: Content from project files is read directly without explicit sanitization, though use-case-specific logic is applied to categorize the project.
- [SAFE]: The skill effectively implements security-conscious rules, such as discarding sensitive app secrets from the system clipboard after retrieval and enforcing main-actor boundaries for UI updates in the provided Swift code blueprints.
Audit Metadata