ipsw
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides instructions for the `ipsw` command-line tool to perform reverse engineering tasks such as disassembly, symbol lookup, and entitlement extraction. These operations are consistent with the tool's primary research purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill includes commands to download firmware images and symbols from Apple's official update servers (e.g., updates.cdn-apple.com). According to [TRUST-SCOPE-RULE], these are trusted sources for firmware acquisition.
- [DATA_EXFILTRATION] (SAFE): No unauthorized data exfiltration was detected. The tool accesses system-level binaries (e.g., dyld_shared_cache, kernelcache) for analysis but does not send sensitive user data or credentials to untrusted domains.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill facilitates the processing of external binary data. Evidence Chain: 1. Ingestion points: Mach-O binaries, IPSW files, and remote URLs. 2. Boundary markers: Reliance on the `ipsw` tool's internal parsing logic. 3. Capability inventory: Command-line execution, file system access, and network downloads. 4. Sanitization: Handled by the external `ipsw` utility.
Audit Metadata