ios-exploiting

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable exploit development and post‑compromise techniques—including kernel privilege escalation, code‑signing/trust‑cache modification, PAC/SPTM bypasses, persistence methods, and surveillance actions (keylogging, stealth camera/recording hooks)—that enable intentional device compromise, backdoors, and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md workflow explicitly tells the agent to download IPSW files from a public site (https://ipsw.me/) and to load/examine the extracted kernelcache in Ghidra, and also cites external webpages (e.g., theiphonewiki, HackTricks) as part of the required analysis steps, meaning the agent ingests and interprets untrusted third‑party content that can influence analysis and follow-up actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). Although the prompt is framed as research, it explicitly describes and instructs on bypassing security mechanisms (PAC, code‑signing, PPL/SPTM), gaining kernel privileges, modifying trust caches and installing unsigned payloads — i.e. actions that change system state and escalate privileges on target machines — so it pushes an agent toward compromising system state.