milestone-celebration
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bash,Grep, andGlobtools to perform local project analysis. This is used to detect the Swift version, deployment targets, and existing animation code to prevent conflicts during the generation process. - [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by taking user-provided input through the
AskUserQuestiontool (such as custom celebration types, titles, and descriptions) and interpolating those strings into generated Swift files. - Ingestion points: User responses from configuration questions in
SKILL.md. - Boundary markers: Absent; the user input is directly inserted into code templates.
- Capability inventory: The skill uses
WriteandEdittools to create theMilestone.swiftandCelebrationOverlay.swiftfiles among others. - Sanitization: The instructions do not specify sanitization or escaping of the user-provided strings before they are written to the source code files. However, this is a common characteristic of code generation skills and does not represent a malicious intent.
Audit Metadata