ios
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
ui-automation.mdfile recommends installing an external dependency (axe) using a third-party Homebrew tap (cameroncooke/axe). This source is not verified as a trusted organization or well-known service, posing a risk of supply chain compromise. - [COMMAND_EXECUTION]: The
debugging.mdfile describes thedebug_lldb_commandtool, which enables the execution of arbitrary LLDB commands. While necessary for deep debugging, this capability allows for significant control over the target application's execution flow and memory, which could be exploited if provided with malicious input. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from application logs (
start_device_log_capindevice-tools.md) and UI hierarchies (snapshot_uiinui-automation.md). 1. Ingestion points:references/device-tools.mdandreferences/ui-automation.md. 2. Boundary markers: Absent. 3. Capability inventory: Includesdebug_lldb_command,tap,swipe, and application installation/launch. 4. Sanitization: None described for the captured logs or UI element labels.
Audit Metadata