live-activity-generator

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows standard iOS development practices and uses official Apple APIs for ActivityKit. No malicious patterns or unauthorized behaviors were detected during analysis.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it incorporates user-provided answers into generated code templates.
  • Ingestion points: User responses to configuration questions (e.g., activity purpose, data fields) gathered via AskUserQuestion (SKILL.md).
  • Boundary markers: None identified in the prompt interpolation logic.
  • Capability inventory: Write, Edit, and Bash tools for file manipulation (SKILL.md).
  • Sanitization: No explicit sanitization or validation of user input is specified before it is injected into the generated Swift files.
  • Risk Factor: Malicious user input could potentially result in the generation of malformed or malicious source code, though this is a common characteristic of code-generation utilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — live-activity-generator