skills/vabole/apple-skills/storekit/Gen Agent Trust Hub

storekit

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file instructs the agent to fetch additional documentation from sosumi.ai, an unofficial third-party Markdown mirror of Apple's developer documentation.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from an external source:
      • Ingestion points: External documentation content is fetched from sosumi.ai URLs (SKILL.md).
      • Boundary markers: The instructions do not define delimiters or "ignore embedded instructions" warnings for the fetched content.
      • Capability inventory: The ingested data informs the agent's understanding of StoreKit APIs, which is used to generate responses and technical guidance.
      • Sanitization: There is no specified logic for sanitizing or validating the external documentation content before it enters the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:30 AM