The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it systematically ingests untrusted data from the user's Xcode project files to perform analysis. These files (e.g., .swift source code, Info.plist) could contain embedded instructions designed to manipulate the agent's report or its 'Phase 5' file-fixing capabilities. 1. Ingestion points: The skill reads source code, project configuration (pbxproj), and metadata files across the entire project directory. 2. Boundary markers: No specific delimiters or instructions to ignore embedded commands within the analyzed project files are defined in the skill instructions. 3. Capability inventory: The skill has the capability to modify project files (Phase 5) and execute system commands like 'sips' (Check 2.3). 4. Sanitization: No evidence of sanitizing or escaping content from the analyzed files before processing was found.

app-store-review