ios-simulator-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill lets the agent open arbitrary external URLs via scripts/app_launcher.py (--open-url) which can load public web pages into the simulator, and other scripts (e.g., scripts/common/idb_utils.get_accessibility_tree, scripts/common/screenshot_utils.capture_screenshot, scripts/accessibility_audit.py, screen_mapper.py) then read and analyze the simulator screen and accessibility tree — clearly ingesting untrusted third-party/user-generated content.