swiftui-microinteractions

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a detailed Python script template in SKILL.md designed to modify the Xcode project's project.pbxproj file. It instructs the agent to run this script to automate the registration of generated files, which involves generating unique identifiers and performing regex-based edits on core project configuration.
  • [COMMAND_EXECUTION]: The skill uses shell commands, specifically find, to locate .xcodeproj directories within the user's workspace up to a depth of three levels.
  • [EXTERNAL_DOWNLOADS]: The README.md provides manual installation instructions that involve downloading the skill definition file directly from a remote GitHub repository using curl.
  • [DATA_EXFILTRATION]: The skill performs local file system scanning for assets and specific project files (like HapticFeedback.swift and Assets.xcassets) to tailor its code generation. While these are read operations, there is no evidence of the data being transmitted to external domains beyond the intended code generation output.
  • [PROMPT_INJECTION]: The skill contains logic for processing and 'normalizing' user-provided prompts through an intent inference system. While it ingests untrusted user input, its primary capability is code generation, which significantly limits the impact of potential indirect prompt injection attacks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 10:50 AM
Security Audit — agent-trust-hub — swiftui-microinteractions