ios-simulator-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill can open arbitrary URLs via app_launcher.py's --open-url (and app_launcher.OpenURL) which may load untrusted web content into the simulator, and those pages/screens can then be ingested by scripts like scripts/common/idb_utils.get_accessibility_tree, app_state_capture.py, and accessibility_audit.py (and acted on by navigator.py), so third-party content could indirectly influence tool behavior.