ios-debugger-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) due to its core function of reading and interpreting data from an external, potentially untrusted source (the app being debugged).
- Ingestion points: The skill uses
mcp__XcodeBuildMCP__describe_uito read screen content andmcp__XcodeBuildMCP__start_sim_log_capto capture application logs. If an app being debugged outputs malicious instructions into its logs or UI, the agent might attempt to follow them. - Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the data retrieved from the simulator.
- Capability inventory: The agent has capabilities including UI interaction (
tap,type_text,gesture), file path discovery (get_sim_app_path), and visual capture (screenshot). - Sanitization: No evidence of sanitization, filtering, or validation of the ingested log or UI data is present in the skill definition.
Audit Metadata