core-animation

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch supplemental documentation from a third-party domain (sosumi.ai) when information is not found in the local file set. This introduces a dependency on external, non-authoritative infrastructure for runtime data ingestion.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md guide the agent to run the command pnpm fetch-doc against the 'apple-skills' tooling. This implies the execution of local shell commands and a dependency on external tooling that is not provided or defined within the skill itself.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its mechanism for fetching remote documentation from a third-party mirror.
  • Ingestion points: Remote content retrieved from the URL template https://sosumi.ai/documentation/quartzcore/<symbol>.
  • Boundary markers: Absent. The instructions do not tell the agent to use delimiters or ignore any embedded instructions within the fetched markdown.
  • Capability inventory: The agent has permissions to read local files, search the project (grep), and execute shell commands (pnpm).
  • Sanitization: Absent. There is no evidence of filtering or validation for the content fetched from the remote mirror before it is incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 08:36 AM
Security Audit — agent-trust-hub — core-animation