debugger-agent
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes local developer tools including
xcodebuild,xcrun, andfindto build and manage iOS apps. While these commands interact with the system, they are limited to the primary development workflow and do not involve arbitrary or hidden execution. - PROMPT_INJECTION (LOW): An indirect prompt injection surface is present because the skill ingests and processes external application data. 1. Ingestion points: Untrusted data enters the agent context through build output and live application logs via
xcrun simctl spawn booted log stream. 2. Boundary markers: The skill lacks delimiters or specific instructions for the agent to ignore embedded commands within the log streams. 3. Capability inventory: The skill possesses capabilities for shell command execution, file system exploration, and simulator UI manipulation. 4. Sanitization: There is no evidence of sanitization or filtering of the log content before it is presented to the agent.
Audit Metadata