qa-ios
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard xcrun simctl commands. These commands manage simulator state, launch applications, and capture log streams, which is appropriate for a QA automation tool. The skill also reads system crash reports from ~/Library/Logs/DiagnosticReports/ and writes session logs to /tmp/qa-ios-session/ to report app stability.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes accessibility (AX) trees from external iOS applications via the mcp__ios-simulator__ui_describe_all tool.
  1. Ingestion points: Accessibility tree data retrieved in SKILL.md (Phases 1, 2, 3, 4, and 6).
  2. Boundary markers: None present; the agent is instructed to directly parse labels and roles from the AX JSON.
  3. Capability inventory: The agent has access to Bash for shell execution and various UI interaction tools like ui_tap and ui_type across all scripts.
  4. Sanitization: There is no evidence of sanitization or filtering of the UI element labels before the agent uses them to determine its next actions.
Audit Metadata