ios-sim

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill manages a potential indirect prompt injection surface through the ingestion of simulator UI data.
      • Ingestion points: Accessibility tree JSON (ui.sh) and screenshots (capture.sh).
      • Boundary markers: Visual and element inspection tasks are routed to isolated subagents (e.g., Haiku) with specific instructions to prevent data from influencing the main context.
      • Capability inventory: UI interactions like tap and swipe (ui.sh), app installation (app.sh), and device control (device.sh).
      • Sanitization: Inputs such as coordinates are validated as numbers, and text input is restricted to ASCII printable characters with length limits.
  • [COMMAND_EXECUTION]: The skill executes shell scripts that wrap standard development tools including xcrun simctl and AXe. These scripts include robust input validation and use safe command-line patterns (e.g., using arrays for arguments) to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: The skill documentation correctly identifies the AXe command-line tool as a prerequisite. This is a well-known third-party tool for iOS accessibility testing and is installed by the user via official package managers (Homebrew).
  • [SAFE]: The overall architecture of the skill demonstrates security awareness, particularly in the separation of concerns between high-privilege operations and the analysis of potentially attacker-influenced UI data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:21 AM