motioneyes-animation-debug
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's workflow instructs the agent to "auto-integrate the MotionEyes package" if it is missing. No specific or trusted source URL is defined, so this step could fetch and execute untrusted third-party code.
- [COMMAND_EXECUTION]: The agent is directed to use `xcrun simctl` to stream logs from the simulator. This shell command execution is a risk if its parameters, such as subsystem filters, are influenced by malicious input, which could expose sensitive system information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it uses user-provided strings, such as trace names and state identifiers, to generate Swift code and shell commands.
  - Ingestion points: user descriptions of animation behavior and view names in `SKILL.md`.
  - Boundary markers: none identified; the skill does not use delimiters to isolate untrusted user input from generated code.
  - Capability inventory: modifying source files, executing shell commands via `simctl`, and performing builds via `xcodebuildmcp`.
  - Sanitization: absent; no logic is provided to escape or validate user-provided strings before they are interpolated into code templates or command strings.
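The following is an added illustration of the interpolation problem described in the COMMAND_EXECUTION and PROMPT_INJECTION findings; it is not code from the skill or from the audit. It shows the unsafe pattern (a user-supplied subsystem filter dropped into a shell string) next to a hardened form that allow-lists the value and hands `xcrun simctl` an argv list, and applies the same allow-listing to a trace name before it lands in a generated Swift snippet. The helper names, the subsystem `com.example.MotionEyes` and the injection payloads are all constructed for this example.

```python
import re
import shlex

# Added example, not the skill's own code. Helper names, the sample
# subsystem and the payloads are constructed for illustration.

# Allow-lists: a reverse-DNS subsystem such as com.example.MotionEyes, and a
# Swift identifier for a trace or state name. Anything outside these sets is
# refused rather than escaped, so the value can never close a quote, add a
# predicate clause, or terminate a shell command.
SUBSYSTEM_RE = re.compile(r"^[A-Za-z0-9_-]{1,63}(\.[A-Za-z0-9_-]{1,63})+$")
SWIFT_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def naive_log_stream_cmd(subsystem: str) -> str:
    """The pattern the audit flags: user text dropped straight into a shell string.

    A value such as  com.example" OR subsystem == "com.apple.securityd  widens
    the predicate, and  x"'; id; '  escapes the single quotes entirely.
    """
    return (
        "xcrun simctl spawn booted log stream --predicate "
        f"'subsystem == \"{subsystem}\"'"
    )


def is_safe_subsystem(value: str) -> bool:
    """True only for a plain reverse-DNS identifier (no quotes, spaces, etc.)."""
    return SUBSYSTEM_RE.fullmatch(value) is not None


def build_log_stream_argv(subsystem: str) -> list[str]:
    """Return an argv list for subprocess.run(argv) with shell=False.

    Validation happens first; the predicate is then built from a value that
    can only contain [A-Za-z0-9_.-], so the quotes inside it are inert.
    """
    if not is_safe_subsystem(subsystem):
        raise ValueError(f"refusing unsafe subsystem filter: {subsystem!r}")
    predicate = f'subsystem == "{subsystem}"'
    return ["xcrun", "simctl", "spawn", "booted", "log", "stream",
            "--predicate", predicate]


def render_signpost_snippet(trace_name: str, subsystem: str) -> str:
    """Emit a Swift os_signpost snippet from a user-chosen trace name.

    Both values are checked against the allow-lists before they reach the
    template, so a trace name like  foo"); system("id  cannot break out of
    the string literal.
    """
    if not SWIFT_IDENT_RE.fullmatch(trace_name):
        raise ValueError(f"refusing unsafe trace name: {trace_name!r}")
    if not is_safe_subsystem(subsystem):
        raise ValueError(f"refusing unsafe subsystem: {subsystem!r}")
    return (
        "import os\n"
        f'let log = OSLog(subsystem: "{subsystem}", category: "animation")\n'
        f'os_signpost(.begin, log: log, name: "{trace_name}")\n'
        "// ... animation under test ...\n"
        f'os_signpost(.end, log: log, name: "{trace_name}")\n'
    )


if __name__ == "__main__":
    good = "com.example.MotionEyes"
    print(shlex.join(build_log_stream_argv(good)))
    print(render_signpost_snippet("fadeInCard", good))
    # Constructed payload: widens the predicate in the naive string version.
    payload = 'com.example" OR subsystem == "com.apple.securityd'
    print(naive_log_stream_cmd(payload))
    try:
        build_log_stream_argv(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The consumer of `build_log_stream_argv` should be `subprocess.run(argv)` with the default `shell=False`, so the only quoting that matters is the NSPredicate's own, and the allow-list guarantees the value cannot contain the characters that would alter it. Rejecting rather than escaping keeps the check auditable: if a view name or trace name a user describes in `SKILL.md` does not fit the identifier grammar, the skill should ask for a different one instead of trying to quote it into a shell command or a code template.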
Audit Metadata