core-animation
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch supplemental documentation from a third-party domain (sosumi.ai) when information is not found in the local file set. This introduces a dependency on external, non-authoritative infrastructure for runtime data ingestion.
- [COMMAND_EXECUTION]: Instructions in SKILL.md guide the agent to run the command
pnpm fetch-docagainst the 'apple-skills' tooling. This implies the execution of local shell commands and a dependency on external tooling that is not provided or defined within the skill itself. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its mechanism for fetching remote documentation from a third-party mirror.
- Ingestion points: Remote content retrieved from the URL template
https://sosumi.ai/documentation/quartzcore/<symbol>. - Boundary markers: Absent. The instructions do not tell the agent to use delimiters or ignore any embedded instructions within the fetched markdown.
- Capability inventory: The agent has permissions to read local files, search the project (grep), and execute shell commands (pnpm).
- Sanitization: Absent. There is no evidence of filtering or validation for the content fetched from the remote mirror before it is incorporated into the agent's context.
Audit Metadata