ios-app-tester
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the 'axe' CLI from a non-whitelisted GitHub repository ('cameroncooke/axe') using Homebrew.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection.
  - Ingestion points: The 'axe describe-ui' command in SKILL.md extracts all text and accessibility labels from the simulator screen.
  - Boundary markers: No delimiters or ignore-instructions warnings are used when processing the UI output.
  - Capability inventory: The skill has high-privilege control over the simulator, including 'tap', 'type', 'swipe', and 'button' commands.
  - Sanitization: No sanitization is performed on the content extracted from the UI before it is processed by the agent.
- [COMMAND_EXECUTION] (MEDIUM): Requires the user to grant macOS Accessibility permissions, which give the underlying tool broad programmatic control over the system interface.
Recommendations
- AI detected serious security threats