The Agent Skills Directory

[COMMAND_EXECUTION]: Multiple scripts interface with system utilities such as xcrun simctl, idb, and xcodebuild to perform simulator automation. These operations use structured argument lists in subprocess calls, which is a secure practice that prevents shell injection vulnerabilities.
[DATA_EXFILTRATION]: The skill possesses capabilities to read device logs and capture screen content (screenshots and UI hierarchies). These functions are necessary for debugging and testing; the data is handled within the local environment or the agent's context, and no unauthorized network transmission was identified.
[SAFE]: The skill depends on well-known and reputable software, including the Python Pillow library and the Facebook IDB tool. A benign instance of dynamic module loading (import) in scripts/sim_list.py is used solely for obtaining a timestamp. No execution of untrusted or remote code was detected.
[PROMPT_INJECTION]: The skill processes untrusted UI data from the simulator, which represents a surface for indirect prompt injection. Ingestion points: scripts/navigator.py and scripts/screen_mapper.py (UI element labels). Boundary markers: Absent. Capability inventory: scripts/simctl_delete.py (device management) and scripts/privacy_manager.py (permissions). Sanitization: Absent. This surface is inherent to UI automation tools and does not constitute a direct security flaw in the skill's code.

automating-ios-simulator