ios-simulator-skill

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill makes extensive use of the subprocess module to execute system developer tools such as xcrun simctl, idb, and plutil. This is the intended mechanism for simulator management.
  • [PROMPT_INJECTION] (HIGH): Category 8: Indirect Prompt Injection risk. The skill ingests untrusted UI data that could contain malicious instructions.
    1. Ingestion points: scripts/common/idb_utils.py fetches the accessibility tree from running simulator apps; scripts/push_notification.py accepts arbitrary JSON payloads.
    2. Boundary markers: Absent. UI text from elements is not delimited or marked as untrusted.
    3. Capability inventory: Significant side-effect capabilities including scripts/app_launcher.py (install/uninstall/launch), scripts/privacy_manager.py (grant/revoke permissions), and scripts/simctl_create.py (device provisioning).
    4. Sanitization: Absent. No filtering of UI text content is performed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:09 PM