ios-workflow-generator
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the local codebase through exploration agents (Phase 2). While this creates an attack surface for indirect prompt injection if the codebase contains malicious comments or strings, the skill incorporates a mandatory user review phase (Phase 7) where the generated workflows must be explicitly approved before being written to disk. This human-in-the-loop requirement significantly mitigates the risk of automated exploitation.
- [DATA_EXPOSURE]: The skill explores the local application codebase to identify pages, components, and data models. This access is necessary for its primary purpose of generating test workflows and does not involve exfiltrating data to external domains or accessing sensitive system files beyond the project scope.
- [COMMAND_EXECUTION]: The skill uses an internal task management system (
TaskCreate,TaskUpdate) and spawns sub-agents for specialized tasks. These operations are part of the agent's internal orchestration and do not involve the execution of arbitrary shell commands or untrusted external scripts.
Audit Metadata