ios-simulator-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly captures and parses UI content from the simulator (e.g., get_accessibility_tree via idb ui describe-all used by accessibility_audit.py and screen_mapper.py, and screenshots/accessibility trees captured by app_state_capture.py), and it also supports opening arbitrary URLs (app_launcher.py --open-url) while navigator.py can act on text found in the UI — meaning untrusted or user-provided web/app content rendered in the simulator could be read and used to drive agent actions.