macos-apps

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user and agent to install a tool named xcsift from a non-standard, personal Homebrew tap (ldomaradzki/xcsift). This dependency is from an unverified source and is integrated into the core build and verification workflow in SKILL.md and workflows/debug-app.md.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell command execution. In references/system-apis.md, a runCommand helper is provided that executes arbitrary strings via /bin/zsh -c using the Swift Process API. Furthermore, it encourages the use of powerful system tools such as lldb, codesign, and networksetup, which can be used to modify system security configurations.
  • [REMOTE_CODE_EXECUTION]: The primary function of the skill is to generate, compile, and execute Swift code on the host machine using xcodebuild and the open command. While intended for development, this allows for the execution of any code generated by the agent.
  • [DATA_EXFILTRATION]: The skill contains instructions in references/cli-observability.md for configuring a local network proxy using networksetup and monitoring traffic with mitmproxy. These capabilities provide a mechanism for intercepting, inspecting, or redirecting potentially sensitive network data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and analyzes untrusted data from external codebases and logs.
      • Ingestion points: Reading app source files and crash reports in workflows/add-feature.md and workflows/debug-app.md.
      • Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded instructions within processed files.
      • Capability inventory: High; includes file system access, arbitrary process execution, and network monitoring.
      • Sanitization: Absent; no validation or escaping is performed on data read from external project files before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 03:40 AM