The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires building and running local binaries and shell scripts, specifically swift build and bash Scripts/package-lookinserver.sh. These operations are used to compile the CLI and package the server runtime within the local repository environment.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes UI hierarchy data from external running applications. Maliciously crafted UI elements (such as button labels or accessibility titles) in a target app could theoretically contain instructions meant to influence the agent's logic.
Ingestion points: Hierarchical JSON data retrieved via lookinside hierarchy --format json as described in SKILL.md and references/output-shapes.md.
Boundary markers: No specific delimiters or "ignore" instructions for the ingested data are defined in the prompt templates.
Capability inventory: The agent can execute the lookinside CLI tool and write output to the file system using the --output flag.
Sanitization: The skill does not describe any sanitization or filtering of the strings extracted from the target application's UI tree.
[DATA_EXFILTRATION]: The tool is designed to extract internal application state, including memory addresses, class names, and the full UI structure. While this is the intended purpose of a hierarchy inspector, it represents a data exposure risk if the target application contains sensitive information in its UI which is then processed by the agent.

lookinside-cli