ios-device-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and usage that embed plaintext credentials directly into CLI commands and act prompts (e.g., "fill in ... the password field with 'pass123'" and API key placeholders), which requires the agent to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports launching arbitrary web URLs/deep links (see "Launch an App, URL, or Deep Link") and instructs the agent to take and read screenshots to decide next actions, meaning the agent will ingest and act on untrusted third‑party web/app content shown on the device screen.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes "npx @midscene/ios@1" at runtime (which pulls and executes the @midscene/ios npm package from the registry — e.g. https://www.npmjs.com/package/@midscene/ios), so it requires fetching and running remote code as part of normal operation.