axiom-xclog-ref
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing the local binary `${CLAUDE_PLUGIN_ROOT}/bin/xclog` to manage and monitor iOS simulator processes and system logs.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by processing untrusted application logs.
  - Ingestion points: Console output and system logs are retrieved via the `launch`, `attach`, and `show` commands in SKILL.md.
  - Boundary markers: Although the tool provides structured JSON output, the skill lacks instructions for the agent to treat log content as untrusted or to ignore embedded instructions.
  - Capability inventory: The agent can write log data to the local filesystem and execute subsequent commands.
  - Sanitization: No filtering or sanitization of the captured logs is documented.
Audit Metadata