ios-workflow-executor

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several powerful CLI tools, including xcrun simctl for simulator management, git and gh for repository and PR tasks, and npm/npx for running tests and linters. These commands allow the agent to modify the environment and the codebase significantly.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted data from external sources.
      • Ingestion points: Processes testing workflows from /workflows/ios-workflows.md and UI/UX comparisons from WebSearch results.
      • Boundary markers: The skill lacks explicit delimiters or instructions to sub-agents to ignore potentially malicious directions within the ingested data.
      • Capability inventory: File system access, shell command execution, git operations, and simulator control.
      • Sanitization: No sanitization or validation of input data is performed before it is used to guide the agent's autonomous actions.
  • [REMOTE_CODE_EXECUTION]: The skill spawns autonomous sub-agents that are authorized to explore the codebase and implement code changes, which are then verified by executing test suites. This workflow could be exploited if a malicious workflow file leads the agent to generate and execute unauthorized code.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch to find and visit external websites for design research, exposing the agent to potentially malicious content on the web during its evaluation phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 02:45 AM