ios-simulator-skill
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous scripts that interact with system-level tools such as
xcrun simctl,xcodebuild, andidb. Analysis of the source code (e.g.,app_launcher.py,gesture.py,keyboard.py,builder.py) confirms that these interactions usesubprocess.runwith list-based arguments and explicitly avoidshell=True. This effectively mitigates command injection risks from user-provided input or simulator data. - [DATA_EXPOSURE]: No hardcoded credentials, API keys, or unauthorized access to sensitive file paths (such as SSH keys or AWS credentials) were detected. The skill manages its own cache in
~/.ios-simulator-skilland uses temporary files for transient data like screenshots and logs, which is standard practice for this type of tool. - [REMOTE_CODE_EXECUTION]: The skill does not contain any patterns for downloading and executing remote scripts or dynamic code at runtime. It relies on locally installed tools (
xcode,idb,python3) and standard libraries. - [PROMPT_INJECTION]: The skill's instructions in
SKILL.mdandREADME.mdare focused on functional documentation and do not contain any patterns attempting to override agent behavior or bypass safety guidelines. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the simulator, such as UI accessibility labels (
AXLabel) innavigator.pyand system logs inlog_monitor.py. While this is untrusted external data that could technically contain malicious instructions, the skill treats this data as informational strings for display or navigation matching, rather than executable instructions, which aligns with standard automation tool behavior.
Audit Metadata