build-ios-apps

Fail

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to prompt the user for their Apple ID email and password during the 'First-Time Setup' and pass these credentials as arguments to the ./ios-cli binary.
  • [DATA_EXFILTRATION]: The skill's primary workflow involves zipping the user's local source code and uploading it to https://ios.chorus.com/api/build for remote compilation on a third-party build server.
  • [COMMAND_EXECUTION]: The SKILL.md file contains a dynamic context injection command !cat ~/.vibecode/ios/config.json that executes on the host machine to read local configuration data when the skill is loaded.
  • [COMMAND_EXECUTION]: The skill includes a scripts/bootstrap.sh script that executes multiple shell commands, including sed, find, and git, to automate project generation and initialization.
  • [REMOTE_CODE_EXECUTION]: The skill depends on the execution of a local binary ./ios-cli for all core operations, which communicates with remote APIs and handles sensitive user data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 6, 2026, 02:42 PM
Security Audit — agent-trust-hub — build-ios-apps