NYC

ios-simulator-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): High surface area for Indirect Prompt Injection (Category 8).
      • Ingestion points: screen_mapper.py (UI text), log_monitor.py (app logs), and push_notification.py (payloads).
      • Boundary markers: None described.
      • Capability inventory: app_launcher.py (install/uninstall), privacy_manager.py (grant/revoke permissions), simctl_delete.py (device deletion).
      • Sanitization: None described. An attacker-controlled app could display malicious instructions in the UI or logs to hijack the agent via these high-privilege tools.
  • COMMAND_EXECUTION (MEDIUM): The skill executes 21 different Python and Bash scripts that interface with host-level utilities like simctl and idb. This is inherent to the skill's purpose but presents a broad attack surface if the agent is manipulated into passing malicious arguments to these scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:53 AM