deep-linking
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (
grep,find) to analyze the existing project structure and configuration files likeInfo.plistand.entitlementsto detect existing deep link implementations. - [EXTERNAL_DOWNLOADS]: Includes a diagnostic
curlcommand in the testing section for developers to verify the existence and headers of their own Apple App Site Association (AASA) file on their remote server. - [INDIRECT_PROMPT_INJECTION]: The skill generates code for handling external URL inputs (
onOpenURL). While the templates focus on safe navigation and creation flows, deep link handlers represent an inherent attack surface that developers must secure against malicious external triggers.
Audit Metadata