ship-app

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation instructs users to execute sudo gem install cocoapods and sudo gem install fastlane. Recommending the use of sudo for tool installation constitutes a privilege escalation pattern, as it grants elevated permissions to installation scripts which could be exploited if package sources were compromised.
  • [COMMAND_EXECUTION]: The scripts/setup.sh script performs multiple automated shell commands and writes configuration files (Appfile, Fastfile) to the local filesystem. This script executes with the permissions of the local environment.
  • [EXTERNAL_DOWNLOADS]: The skill performs project initialization and dependency management using npx @react-native-community/cli, npm install, and pod install. These commands fetch and execute external code from public registries, which is a standard part of the React Native development workflow.
  • [PROMPT_INJECTION]: The skill ingests an 'App Description' provided by the user to implement application logic, representing a vulnerability surface for indirect prompt injection.
  • Ingestion points: The argument-hint field in SKILL.md.
  • Boundary markers: None identified for user-provided input.
  • Capability inventory: Access to Bash shell tools and file manipulation capabilities (Write, Edit).
  • Sanitization: No validation or sanitization is performed on the ingested description text.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 22, 2026, 06:40 AM