milestone-celebration

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash, Grep, and Glob tools to perform local project analysis. This is used to detect the Swift version, deployment targets, and existing animation code to prevent conflicts during the generation process.
  • [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by taking user-provided input through the AskUserQuestion tool (such as custom celebration types, titles, and descriptions) and interpolating those strings into generated Swift files.
  • Ingestion points: User responses from configuration questions in SKILL.md.
  • Boundary markers: Absent; the user input is directly inserted into code templates.
  • Capability inventory: The skill uses Write and Edit tools to create the Milestone.swift and CelebrationOverlay.swift files among others.
  • Sanitization: The instructions do not specify sanitization or escaping of the user-provided strings before they are written to the source code files. However, this is a common characteristic of code generation skills and does not represent a malicious intent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — milestone-celebration