run-simulator

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a chain of system utilities including xcodebuild and xcrun simctl. This is appropriate for the skill's primary purpose of iOS development automation.
  • [COMMAND_EXECUTION]: Step 4 utilizes eval to process variable assignments (DIR and NAME) generated by parsing the output of xcodebuild -showBuildSettings with awk. This pattern creates an indirect prompt injection surface; if a project file or scheme is maliciously named (e.g., including shell control characters like backticks or semicolons), the eval command would execute those characters in the host shell. While this requires a malicious local project file, it represents a dynamic execution risk without sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — run-simulator