Confirm successful installation by checking the skill directory location:
.cursor/skills/device-integrity
Restart Cursor to activate device-integrity. Access via /device-integrity in your agent's command palette.
β
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Verify that requests to your server come from a genuine Apple device running
your unmodified app. DeviceCheck provides per-device bits for simple flags
(e.g., "claimed promo offer"). App Attest uses Secure Enclave keys and Apple
attestation to cryptographically prove app legitimacy on each request.
DCDevice generates a
unique, ephemeral token that identifies a device. The token is sent to your
server, which then communicates with Apple's servers to read or set two
per-device bits. Available on iOS 11+.
The server authenticates with a DeviceCheck private key from the Apple Developer
portal, creating a signed JWT for each request.
What the Two Bits Are For
Apple stores two Boolean values per device per developer team. You decide what
they mean. Common uses:
Bit 0: Device has claimed a promotional offer.
Bit 1: Device has been flagged for fraud.
Bits persist across app reinstall. You control when to reset them via the
server API.
DCAppAttestService (App Attest)
DCAppAttestService
validates that a specific instance of your app on a specific device is
legitimate. It uses a hardware-backed key in the Secure Enclave to create
cryptographic attestations and assertions. Available on iOS 14+.
The flow has three phases:
Key generation -- create a key pair in the Secure Enclave.
Attestation -- Apple certifies the key belongs to a genuine Apple device running your app.
Assertion -- sign server requests with the attested key to prove ongoing legitimacy.
Checking Support
importDeviceChecklet attestService =DCAppAttestService.shared
guard attestService.isSupported else{// Fall back to DCDevice token or other risk assessment.// App Attest is not available on simulators or all device models.return}
App Attest Key Generation
Generate a cryptographic key pair stored in the Secure Enclave. The returned
keyId is a string identifier you persist (e.g., in Keychain) for later
attestation and assertion calls.
importDeviceCheckactorAppAttestManager{privatelet service =DCAppAttestService.shared
privatevar keyId:String?/// Generate and persist a key pair for App Attest.funcgenerateKeyIfNeeded()asyncthrows->String{iflet existingKeyId =loadKeyIdFromKeychain(){self.keyId = existingKeyId
return existingKeyId
}let newKeyId =tryawait service.generateKey()saveKeyIdToKeychain(newKeyId)self.keyId = newKeyId
return newKeyId
}// MARK: - Keychain helpers (simplified)privatefuncsaveKeyIdToKeychain(_ keyId:String){let data =Data(keyId.utf8)let query:[String:Any]=[kSecClassasString:kSecClassGenericPassword,kSecAttrAccountasString:"app-attest-key-id",kSecAttrServiceasString:Bundle.main.bundleIdentifier ??"",kSecValueDataasString: data,kSecAttrAccessibleasString:kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly]SecItemDelete(query asCFDictionary)// Remove old if existsSecItemAdd(query asCFDictionary,nil)}privatefuncloadKeyIdFromKeychain()->String?{let query:[String:Any]=[kSecClassasString:kSecClassGenericPassword,kSecAttrAccountasString:"app-attest-key-id",kSecAttrServiceasString:Bundle.main.bundleIdentifier ??"",kSecReturnDataasString:true,kSecMatchLimitasString:kSecMatchLimitOne]var result:AnyObject?let status =SecItemCopyMatching(query asCFDictionary,&result)guard status == errSecSuccess,let data = result as?Dataelse{returnnil}returnString(data: data, encoding:.utf8)}}
Important: Generate the key once and persist the keyId. Generating a new
key invalidates any previous attestation.
App Attest Attestation Flow
Attestation proves that the key was generated on a genuine Apple device running
your unmodified app. You perform attestation once per key, then store the
attestation object on your server.
Client-Side Attestation
importDeviceCheckimportCryptoKit
β
Make data-driven prioritization decisions faster
Stakeholder Communication
Draft PRDs, status updates, and stakeholder presentations
βΊAccess to product documentation and roadmap tools (Jira, Notion, etc.)
βΊUnderstanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
βΊStakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
1Install product management skill
2Start with user story generation for known feature
3Progress to competitive analysis: research 2-3 competitors
4Use for roadmap prioritization: apply RICE/ICE scoring
5Draft stakeholder communications and refine based on feedback
6Build template library for recurring PM tasks
7Share effective prompts with product team
Common Pitfalls
β Not validating competitive researchβverify facts before sharing
β Accepting user stories without involving engineering team
β Over-relying on frameworks without qualitative judgment
β Not customizing outputs to company culture and communication style
β Skipping stakeholder validation of generated requirements
Best Practices
β Do
+Validate research and competitive analysis with real data
+Collaborate with engineering when generating technical requirements
+Customize frameworks and templates to your company context
+Use skill for first drafts, refine with stakeholder input
+Document successful prompt patterns for PM tasks
+Combine AI efficiency with human judgment and intuition
β Don't
βDon't publish competitive analysis without fact-checking
βDon't finalize user stories without engineering review
βDon't make prioritization decisions solely on AI scoring
βDon't skip customer validation of generated requirements
βDon't ignore company-specific context and culture
π‘ Pro Tips
β Provide context: company goals, constraints, customer feedback
β Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
β Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
β Use skill for 70% generation + 30% customization to company needs
When to Use This
β Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
β Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
1Basic: user stories, feature specs, status updates
