rocketsim
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes accessibility elements and UI state from third-party applications running within the iOS Simulator. \n
- Ingestion points: The agent reads UI labels and accessibility descriptions from simulated apps via the RocketSim CLI in SKILL.md.\n
- Boundary markers: No delimiters or instructions are used to separate user/agent instructions from the data read from the simulator UI.\n
- Capability inventory: The agent can perform high-impact actions such as typing, tapping, and executing simulator-level commands based on the UI context.\n
- Sanitization: There is no evidence of sanitization or validation of the retrieved UI content before it enters the agent context.\n- [COMMAND_EXECUTION]: The skill utilizes shell commands (e.g., pgrep, ps, mdfind, test) to discover the RocketSim application path and validate the existence of bundled resources. It then dynamically loads and follows instructions from a local SKILL.md file located within the identified application bundle.
Audit Metadata