build-ios-apps
Fail
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to prompt the user for their Apple ID email and password during the 'First-Time Setup' and pass these credentials as arguments to the
./ios-clibinary. - [DATA_EXFILTRATION]: The skill's primary workflow involves zipping the user's local source code and uploading it to
https://ios.chorus.com/api/buildfor remote compilation on a third-party build server. - [COMMAND_EXECUTION]: The
SKILL.mdfile contains a dynamic context injection command!cat ~/.vibecode/ios/config.jsonthat executes on the host machine to read local configuration data when the skill is loaded. - [COMMAND_EXECUTION]: The skill includes a
scripts/bootstrap.shscript that executes multiple shell commands, includingsed,find, andgit, to automate project generation and initialization. - [REMOTE_CODE_EXECUTION]: The skill depends on the execution of a local binary
./ios-clifor all core operations, which communicates with remote APIs and handles sensitive user data.
Recommendations
- AI detected serious security threats
Audit Metadata