ios-simulator-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes an app_launcher.open_url option that can open arbitrary http:// URLs in the simulator (scripts/app_launcher.py) and then several scripts (get_accessibility_tree in scripts/common/idb_utils.py, screen_mapper.py, navigator.py, app_state_capture.py, accessibility_audit.py) read the resulting UI tree/screenshots and act on element text/labels, meaning untrusted public web content or user-generated pages can be loaded and then directly influence automated interactions—enabling indirect prompt injection.