device-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill extensively uses bunx xcobra to run commands. bunx downloads and executes the xcobra package from the npm registry at runtime. This package is not from a trusted organization or repository listed in the security guidelines, making it an unverifiable dependency.
  • REMOTE_CODE_EXECUTION (MEDIUM): The command bunx xcobra expo eval allows for the execution of arbitrary JavaScript strings within the context of a running Expo application. This dynamic execution capability (Category 10) can be used to access internal app state (e.g., global.__REDUX_STORE__) or modify application logic. While functional for testing, it is a high-privilege operation.
  • COMMAND_EXECUTION (LOW): The skill utilizes several local system commands including find, grep, and xcrun simctl. These are standard utilities used for their intended purpose of navigating the file system and managing iOS simulators.
  • DATA_EXFILTRATION (LOW): The skill has broad access to simulator data through commands like sim screenshot, record-video, expo console, and expo network. While it can capture UI state and network logs, there are no patterns suggesting the automated exfiltration of this data to an external server.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from the simulator's UI via sim xml. An attacker-controlled application could potentially place malicious instructions in accessibility labels to influence the agent.
      • Ingestion points: sim xml, expo console
      • Boundary markers: None present; data is piped directly to grep or standard output.
      • Capability inventory: expo eval (JS execution), shell command execution via bunx.
      • Sanitization: None detected; the agent is expected to parse raw XML and log output.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:40 PM