Skills
skills/vabole/apple-skills/mapkit/Gen Agent Trust Hub

mapkit

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file directs the agent to fetch content from sosumi.ai, an external and unofficial documentation mirror, when local documentation is insufficient.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by instructing the agent to ingest untrusted data from a remote mirror into its context.
  • Ingestion points: Documentation content retrieved from URLs matching https://sosumi.ai/documentation/* as instructed in SKILL.md.
  • Boundary markers: The skill provides no delimiters or instructions to the agent to ignore potentially malicious directions embedded within the fetched external documentation.
  • Capability inventory: The agent context includes powerful capabilities such as shell command execution (via grep or other tools) and file system access that could be targeted by instructions hidden in the mirror's content.
  • Sanitization: There is no evidence of validation, sanitization, or filtering applied to the documentation fetched from the external source.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:31 AM