apple-crash-symbolication
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted .ips crash logs provided by the user, which creates a surface for indirect prompt injection attacks through fields like Application Specific Information (asi).
  - Ingestion points: User-provided .ips JSON files are parsed by the instructions in SKILL.md and the PowerShell script scripts/Symbolicate-Crash.ps1.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat external crash data as potentially untrustworthy or to ignore embedded commands.
  - Capability inventory: The skill executes local shell commands (atos, dwarfdump, idevicecrashreport) and performs network downloads to fetch symbol files.
  - Sanitization: Content from the crash log fields is interpreted by the agent for analysis without escaping or validation to prevent the data from overriding agent instructions.
- [EXTERNAL_DOWNLOADS]: Fetches symbol files from msdl.microsoft.com. This is a well-known service provided by Microsoft for legitimate development and diagnostic purposes.
- [COMMAND_EXECUTION]: Invokes local system tools including atos, dwarfdump, and idevicecrashreport. These are standard diagnostic utilities used in Apple platform development and are invoked here for their intended purpose.
Audit Metadata