ios-device-automation

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically download and execute the @midscene/ios package from the public npm registry.
  • [COMMAND_EXECUTION]: The skill executes multiple Bash commands to interact with the Midscene CLI for device connection, app launching, and UI interaction.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it makes decisions based on untrusted visual data from device screenshots.
      • Ingestion points: Device screenshots captured via take_screenshot are used as the primary input for the act command to determine subsequent actions (SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to distinguish between intended application UI elements and malicious text instructions that might be displayed within an app or web page.
      • Capability inventory: High. The agent can perform any UI action (tapping, typing, scrolling) and can send arbitrary HTTP requests to the underlying WebDriverAgent service (SKILL.md).
      • Sanitization: Absent. Screen content is processed directly by the vision model without filtering or verification of the source application's state.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 01:59 AM