Skills
skills/aradotso/codex-skills/codex-plusplus-ios-simulator-tweak/Gen Agent Trust Hub

codex-plusplus-ios-simulator-tweak

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execSync to invoke xcrun simctl for simulator management (booting, listing, and shutting down devices). It also instructs the user to run sudo xcode-select during installation, which requires administrative privileges.
  • [REMOTE_CODE_EXECUTION]: The skill compiles Swift and Objective-C source files (sim-capture.swift and sim-input.m) into executable binaries at runtime. These compiled helpers are then executed to perform frame capture and input injection by interfacing with private macOS frameworks.
  • [EXTERNAL_DOWNLOADS]: Installation instructions require cloning the skill's core logic from an external third-party GitHub repository (github.com/b-nnett/codex-plusplus-ios-simulator.git).
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the simulator's UI elements, such as accessibility labels and identifiers. This creates an indirect prompt injection surface if a malicious application is running within the simulator.
  • Ingestion points: UI element labels and metadata processed during annotation (SKILL.md).
  • Boundary markers: None identified.
  • Capability inventory: System command execution via execSync and execution of custom compiled binaries.
  • Sanitization: No sanitization or validation of the extracted UI text is described.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 07:56 PM