Gen Agent Trust Hub audit: skills/mintuz/claude-plugins/debug

Skill: debug

Result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection because it directs the agent to ingest untrusted external data (logs and app screenshots) and provides it with the authority to modify code and execute builds. A malicious application could output specific instructions in its logs to hijack the agent's logic.
  • Ingestion points: XcodeBuildMCP.get-build-logs, XcodeBuildMCP.get-runtime-logs, and ios-simulator.take-screenshot.
  • Boundary markers: Absent; there are no instructions to the agent to distinguish between diagnostic data and actionable instructions or to isolate external content.
  • Capability inventory: XcodeBuildMCP.build, ios-simulator.launch-app, ios-simulator.tap, ios-simulator.enter-text, and source code modification.
  • Sanitization: Absent; no validation or filtering of the log output or screenshot data is performed.
  • [Command Execution] (MEDIUM): The skill utilizes tools to compile code and interact with the simulator UI (tap, swipe, enter text), which involve executing potentially sensitive operations on the developer's machine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:03 AM