ios-device-toolkit

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of sudo pymobiledevice3 remote tunneld to support developer services on iOS 17+ devices, granting the tool root privileges on the host system.
  • [DATA_EXFILTRATION]: The skill includes numerous capabilities to access and extract sensitive data from connected devices. Evidence includes:
      • pymobiledevice3 apps pull: Extracting files from application sandboxes to the local machine.
      • pymobiledevice3 syslog live: Streaming live system logs which may contain private information.
      • pymobiledevice3 pcap: Capturing device network traffic for analysis.
      • pymobiledevice3 developer dvt screenshot: Capturing screen images of the device.
  • [EXTERNAL_DOWNLOADS]: The skill setup involves installing the pymobiledevice3 Python package from public registries using standard tools like uv or pipx.
  • [PROMPT_INJECTION]: The skill exposes the agent to untrusted data from the iOS device, creating a surface for indirect prompt injection.
      • Ingestion points: Data is ingested via syslog live, crash ls, pcap, and apps pull commands.
      • Boundary markers: No delimiters or protective instructions are provided to the agent regarding data retrieved from the device.
      • Capability inventory: The skill can execute shell commands through the pymobiledevice3 binary and write files to the host filesystem.
      • Sanitization: The retrieved content is processed without evidence of sanitization or validation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 14, 2026, 09:41 PM