swiftui-microinteractions
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a detailed Python script template in
SKILL.mddesigned to modify the Xcode project'sproject.pbxprojfile. It instructs the agent to run this script to automate the registration of generated files, which involves generating unique identifiers and performing regex-based edits on core project configuration. - [COMMAND_EXECUTION]: The skill uses shell commands, specifically
find, to locate.xcodeprojdirectories within the user's workspace up to a depth of three levels. - [EXTERNAL_DOWNLOADS]: The
README.mdprovides manual installation instructions that involve downloading the skill definition file directly from a remote GitHub repository usingcurl. - [DATA_EXFILTRATION]: The skill performs local file system scanning for assets and specific project files (like
HapticFeedback.swiftandAssets.xcassets) to tailor its code generation. While these are read operations, there is no evidence of the data being transmitted to external domains beyond the intended code generation output. - [PROMPT_INJECTION]: The skill contains logic for processing and 'normalizing' user-provided prompts through an intent inference system. While it ingests untrusted user input, its primary capability is code generation, which significantly limits the impact of potential indirect prompt injection attacks.
Audit Metadata