desktop-expert
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate patterns for building desktop applications, including window management, system tray integration, and OS-specific keyboard shortcuts.
- [DYNAMIC_EXECUTION]: The
ArchDetectorutility inreferences/os-detection.mdimplements standard dynamic loading of native libraries usingSystem.loadLibrary. The library names are hardcoded based on the detected operating system and architecture (e.g., 'libsecp256k1-macos-arm64'), which is a common practice for cryptographic operations in Kotlin Multiplatform for JVM. - [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for handling untrusted external data, which represents a potential attack surface.
- Ingestion points: The
onExternalDragimplementation inSKILL.mdandreferences/desktop-compose-apis.mdaccepts external text and file lists from the host operating system. - Boundary markers: Not present in the provided code snippets, as they are generic UI implementation examples.
- Capability inventory: The skill provides methods for file system access via
FileDialogand external link navigation usingDesktop.getDesktop().browse(). - Sanitization: The patterns do not include explicit sanitization or validation logic for the processed external data.
Audit Metadata