desktop-expert

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate patterns for building desktop applications, including window management, system tray integration, and OS-specific keyboard shortcuts.
  • [DYNAMIC_EXECUTION]: The ArchDetector utility in references/os-detection.md implements standard dynamic loading of native libraries using System.loadLibrary. The library names are hardcoded based on the detected operating system and architecture (e.g., 'libsecp256k1-macos-arm64'), which is a common practice for cryptographic operations in Kotlin Multiplatform for JVM.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for handling untrusted external data, which represents a potential attack surface.
  • Ingestion points: The onExternalDrag implementation in SKILL.md and references/desktop-compose-apis.md accepts external text and file lists from the host operating system.
  • Boundary markers: Not present in the provided code snippets, as they are generic UI implementation examples.
  • Capability inventory: The skill provides methods for file system access via FileDialog and external link navigation using Desktop.getDesktop().browse().
  • Sanitization: The patterns do not include explicit sanitization or validation logic for the processed external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 05:23 PM
Security Audit — agent-trust-hub — desktop-expert