baguette-ios-simulator
Fail
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download source code from an external repository at
https://github.com/tddworks/baguetteand execute amakecommand, which compiles and runs code from a third-party source. - [EXTERNAL_DOWNLOADS]: The skill directs the user to install a software package using a third-party Homebrew tap (
brew install tddworks/tap/baguette), which introduces dependencies from an unverified external source. - [COMMAND_EXECUTION]: The skill requires administrative privileges via
sudo xcode-selectto modify system-wide development environment settings. - [COMMAND_EXECUTION]: The skill launches a local web server on port 8421 (using
baguette serve), which creates a network-accessible interface for controlling simulator devices. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its data processing and simulator management capabilities.
- Ingestion points: The skill ingests untrusted data from simulator metadata via
baguette listand processes external gesture sequences throughbaguette input. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when processing JSON input from stdin or WebSocket streams.
- Capability inventory: The skill manages system processes and simulator states via the
baguetteCLI and shell-based lifecycle commands. - Sanitization: The documentation provides no evidence of input validation or sanitization for the coordinate data and JSON commands received from external sources.
Recommendations
- AI detected serious security threats
Audit Metadata