promoted-iap

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to generate boilerplate Swift code for StoreKit 2 integration. Analysis of the instructions and templates shows no malicious intent or suspicious patterns.
  • [COMMAND_EXECUTION]: The skill uses Bash, Glob, and Grep tools. These are employed for legitimate project maintenance tasks, such as checking for existing StoreKit implementations and determining the directory structure for file output.
  • [DATA_EXFILTRATION]: There are no network-enabled tools or commands (e.g., curl, wget) used for external communication. The skill operates entirely on the local project environment.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or sensitive credential access patterns were found in the skill or its associated templates.
  • [REMOTE_CODE_EXECUTION]: The skill does not download external scripts or packages. It relies on a local templates.md file to provide code snippets to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — promoted-iap