ios-simulator-pwa-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes
xcrun simctlcommands to manage simulators and open URLs. These are standard, official Apple command-line utilities for iOS development and are used appropriately for the skill's stated purpose. - [DATA_EXPOSURE] (SAFE): The automation script saves screenshots to the local filesystem (
$HOME/Desktop/pwa-screenshots). This is a local-only operation intended for the developer's use and does not involve unauthorized data access or network exfiltration. - [INDIRECT_PROMPT_INJECTION] (LOW): The
multi-device-test.shscript accepts a URL as input and interpolates it directly into a command. While there is a potential for shell injection if a user provides a maliciously crafted URL string, the risk is minimal given the tool is intended for local developer use, and the URL is passed to the isolated simulator environment. - [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns, unauthorized downloads, or external dependencies were found. All tools used (Xcode, Simulator, Safari) are local system requirements.
Audit Metadata