The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the integration of an external Swift package named 'MotionEyes'. The workflow directs the agent to 'auto-integrate' the package if it is not present in the project. Since the package source is not explicitly defined with a verified repository URL, this poses a supply-chain risk where a malicious package with the same name could be introduced to the project environment.\n- [COMMAND_EXECUTION]: The skill utilizes system-level commands through the xcrun simctl CLI and the XcodeBuildMCP toolset to build the application and manage the simulator environment. This includes spawning processes for log streaming and managing simulator sessions to capture runtime behavior.\n- [PROMPT_INJECTION]: The skill ingests and analyzes console logs to diagnose animation behavior, creating a surface for indirect prompt injection. Logs are untrusted data that could be influenced by the application's runtime state or external inputs to influence the agent's debugging logic.\n
Ingestion points: Simulator console logs are captured via mcp__XcodeBuildMCP__stop_sim_log_cap and xcrun simctl spawn booted log stream.\n
Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined when processing log content.\n
Capability inventory: The agent has the capability to modify Swift source files, integrate external packages, and execute build/run commands based on its analysis.\n
Sanitization: No sanitization or verification of the log contents is performed prior to the agent processing the data.\n- [DATA_EXFILTRATION]: Capturing simulator console logs, especially when configured with a broad filter (e.g., subsystemFilter: 'all'), presents a risk of sensitive data exposure. Console logs frequently contain authentication tokens, API keys, or personally identifiable information (PII) that the agent may inadvertently ingest during a debugging session.

motioneyes-animation-debug