The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses standard command-line tools such as adb, xcrun simctl, and npx to manage mobile simulators and interact with the application under test, which is appropriate for its stated purpose.
[EXTERNAL_DOWNLOADS]: Performs local network requests to the Metro dev server (localhost:8081) for status checks and bundle information, which is a standard operation in React Native development.
[DATA_EXFILTRATION]: Captures application logs and screenshots but stores them strictly in a local temporary directory (/tmp/qa-rn-session) for report generation, with no transmission to external servers.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: UI hierarchies (AX tree and XML) and system/application logs via adb and simctl. 2. Boundary markers: None present. 3. Capability inventory: Bash shell access, file read, and file write operations. 4. Sanitization: None present. Malicious content in the app's UI labels or logs could potentially influence the report content or navigation logic, though the risk is considered low and inherent to the QA use case.

qa-react-native