axe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local commands (
xcrun simctlandaxe) to manage simulators and perform UI interactions. These operations are core to the skill's primary purpose and do not demonstrate malicious intent. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from application UI trees.
- Ingestion points: The
axe describe-uicommand retrieves accessibility labels, identifiers, and text from third-party iOS applications into the agent's context. - Boundary markers: There are no delimiters or instructions provided to the agent to help it distinguish between UI data and its own system instructions.
- Capability inventory: The skill possesses significant capabilities, including typing text (
axe type), tapping elements (axe tap), and controlling simulator power states (xcrun simctl boot/shutdown). - Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the accessibility tree before it is processed by the agent.
Audit Metadata