swiftui
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for integrating WebKit, which creates an indirect prompt injection surface for external web content.
- Ingestion points: Untrusted data enters the agent context through WebView loading URLs, HTML strings, and data blobs as described in webkit/SKILL.md and webkit/navigation.md.
- Boundary markers: The NavigationDeciding protocol is documented to intercept and filter navigation requests, serving as a boundary for untrusted content (webkit/navigation.md).
- Capability inventory: The skill includes capabilities to execute JavaScript (callJavaScript) and intercept navigation requests (NavigationDeciding) across its web-related scripts.
- Sanitization: The documentation provides best practices for sanitization, specifically recommending the use of named arguments in JavaScript calls to prevent injection and utilizing WKContentWorld for execution isolation (webkit/javascript-advanced.md).
Audit Metadata