analyzing-ios-app-security-with-objection

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [DATA_EXFILTRATION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill's scripts, scripts/agent.py and scripts/process.py, utilize the subprocess.run function to execute CLI utilities such as objection, frida, and ideviceinstaller. These calls are implemented using argument lists rather than shell strings, which is a security best practice to prevent shell injection vulnerabilities on the host system.
  • [DATA_EXFILTRATION]: By design, the skill facilitates the extraction of sensitive data from target iOS applications, including keychain items, NSUserDefaults configurations, and filesystem contents. This behavior is the primary intended function of the tool for security auditing purposes and is clearly documented in the skill's instructions.
  • [REMOTE_CODE_EXECUTION]: The skill uses Frida to inject JavaScript code into the memory space of target iOS applications. This allows for dynamic instrumentation and method hooking, which is necessary for bypassing client-side security controls like jailbreak detection and SSL pinning during a security assessment.
  • [DATA_EXPOSURE]: The skill identifies and extracts potentially sensitive strings from application memory and local storage. While this involves handling sensitive information, it is done within the context of an authorized security review to identify vulnerabilities in the target application.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data retrieved from external sources (target iOS apps).
      • Ingestion points: Tool outputs from ios keychain dump, ios nsuserdefaults get, and memory search are processed by the scripts.
      • Boundary markers: The scripts do not use explicit delimiters or "ignore instructions" warnings when handling output from the mobile assessment tools.
      • Capability inventory: The skill has the capability to execute shell commands and write to the local filesystem via subprocess calls.
      • Sanitization: The Python scripts mitigate host-level command injection by using list-based subprocess.run calls, though they do not explicitly sanitize content before including it in generated reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:59 AM