subscription-lifecycle

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a local code generation tool. It uses discovery tools like Glob and Grep to identify the existing project context and determine the appropriate file locations for the generated Swift code.
  • [COMMAND_EXECUTION]: While the skill requests the Bash tool, its usage is constrained to searching for existing StoreKit implementation patterns and project entitlements. There is no evidence of arbitrary command execution or shell injection vulnerabilities.
  • [DATA_EXFILTRATION]: The skill does not perform network operations. All data processing remains local to the user's project environment. No hardcoded credentials or sensitive file access patterns were found.
  • [REMOTE_CODE_EXECUTION]: There are no external dependencies, remote script downloads, or package installations involved in the skill's operation. All logic is contained within the provided markdown and Swift templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — subscription-lifecycle