run-simulator
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute a chain of system utilities includingxcodebuildandxcrun simctl. This is appropriate for the skill's primary purpose of iOS development automation. - [COMMAND_EXECUTION]: Step 4 utilizes
evalto process variable assignments (DIR and NAME) generated by parsing the output ofxcodebuild -showBuildSettingswithawk. This pattern creates an indirect prompt injection surface; if a project file or scheme is maliciously named (e.g., including shell control characters like backticks or semicolons), theevalcommand would execute those characters in the host shell. While this requires a malicious local project file, it represents a dynamic execution risk without sanitization.
Audit Metadata