apple-docs-index
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests fetching documentation indexes from Apple's official tutorials endpoint (developer.apple.com).
- [EXTERNAL_DOWNLOADS]: The instructions in SKILL.md recommend fetching detailed framework documentation from sosumi.ai, a third-party Markdown mirror, which involves network requests to a non-whitelisted domain.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it encourages the agent to ingest and process documentation content from an external third-party source (sosumi.ai). Ingestion points: Remote Markdown files fetched from https://sosumi.ai/documentation/. Boundary markers: None identified; external documentation is processed without isolation or delimiters. Capability inventory: The agent utilizes grep and cat to browse documentation; the content of these files influences the agent's decision-making and subsequent fetches. Sanitization: No validation or sanitization of the retrieved external content is described.
Audit Metadata