ios-security-and-rbac

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious overrides, jailbreak-style instructions, or system prompt extraction attempts were found. The instructional language is focused on implementing security features.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transfer or exfiltration. The skill follows best practices by recommending the storage of sensitive information in the iOS Keychain and Secure Enclave rather than insecure storage like UserDefaults.
  • [COMMAND_EXECUTION]: The Swift code provided uses standard iOS framework APIs (Security, Foundation, LocalAuthentication) and low-level syscalls (e.g., ptrace, sysctl, stat). These are utilized strictly for implementing defensive measures such as anti-debugging and environment integrity checks.
  • [EXTERNAL_DOWNLOADS]: No remote scripts or binary assets are downloaded or executed. The skill is entirely comprised of local Markdown documentation and Swift source code examples.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or API keys were detected. The skill uses explicit placeholders for cryptographic hashes and instructs developers to fetch secrets from backends rather than hardcoding them.
  • [SAFE]: The skill incorporates educational examples of defensive techniques, including XOR-based string obfuscation for hiding system paths from static analysis and memory zeroing for secret management. These are documented as security best practices within the mobile development domain.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 11:14 AM
Security Audit — agent-trust-hub — ios-security-and-rbac