applaunchflow

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill generates executable shell scripts locally and instructs the agent to run the '@applaunchflow/mcp' tool from NPM using npx.
  • [COMMAND_EXECUTION]: The skill executes system commands such as 'xcodebuild', 'xcrun simctl', and 'flutter' via generated scripts to automate builds and screenshot capture.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the AppLaunchFlow MCP server package from the NPM registry at runtime.
  • [DATA_EXFILTRATION]: The skill uploads curated screenshot assets to the AppLaunchFlow service (applaunchflow.com) for layout processing.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface as it reads untrusted data from the local codebase (e.g., locale identifiers, screen names, and navigation patterns) to populate the parameters of generated scripts and code.
      • Ingestion points: Project files including pubspec.yaml, Localizable.xcstrings, and .arb files.
      • Boundary markers: No delimiters or warnings are used for ingested content.
      • Capability inventory: The skill has access to shell execution, file system writes, and network operations.
      • Sanitization: No explicit validation or sanitization of codebase-derived strings is performed before their interpolation into executable content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 10:53 PM