iOS Polish

Name: claude-skill-collection/ios-polish
Author: ElvinOuyang

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill executes shell commands and performs

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

iOS Polish: You are performing a final design quality pass on SwiftUI views. Your job is not just to check for correctness — it's to make the interface feel *crafted*. Every Apple-quality app shares certain traits: generous spacing, purposeful typography, restrained color, fluid motion, and invisible accessibility. This skill teaches you to see what's missing and fix it.

Actually does

This skill instructs the AI to perform a design quality review of SwiftUI views. It provides a structured 10-dimension checklist covering spacing, typography, color, animation, accessibility, and HIG compliance. The AI is guided to identify 'red flags' in the provided SwiftUI code and 'make the change' to fix them, following specific principles and a pre/post-polish assessment.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

NameElvinOuyang/claude-skill-collection/ios-polish

Registrygithub

Version52c90f4772ba

PURLpkg:github/ElvinOuyang/claude-skill-collection@52c90f4772ba?skill=ios-polish

Stars1

Source

Repository ↗SKILL.md ↗

SHA-256771e46794663...

SHA-15d3d8759a083...

MD57293398ec456...

TLSHda72fa5b73c0...

ssdeep384:qbBb8aHc...

Size15,989 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/ElvinOuyang/claude-skill-collection

Claude CodeDocs

/plugin marketplace add ElvinOuyang/claude-skill-collection

/plugin install ios-polish@ElvinOuyang/claude-skill-collection

claude-marketplace

https://github.com/ElvinOuyang/claude-skill-collection

Skills.shDocs

npx skills add https://github.com/ElvinOuyang/claude-skill-collection

Assessments (3)

AI Agent Traps ↗

Shell command execution function detectedcriticalcommand execution

Shell command execution function detected

100% confidenceline 54

system(

High-risk action without approval gate — financial or destructive operation bypassing human confirmationhighfinancial action

High-risk action without approval gate — financial or destructive operation bypassing human confirmation

100% confidenceline 131

delete without confirmation

Agent instructed to modify codelowcommand execution

The skill explicitly instructs the agent to 'make the change' after identifying areas for improvement. This implies the agent has write access to the codebase and the capability to modify files. While intended for benign design improvements, this capability could be abused if the agent were compromised or given malicious instructions.

80% confidenceline 34

Work through each dimension in order. For each one, note what you'd change and why, then make the change.

External references for RAG/knowledge basemediumsupply chain, rag poisoning

The skill refers to external Markdown files (e.g., `references/typography.md`) for detailed guidance. If these external files are not securely controlled or are loaded from untrusted sources, they could be modified to inject malicious instructions, poison the agent's knowledge base, or subtly alter its reasoning.

90% confidenceline 62

See `references/typography.md` for the full text style hierarchy and Dynamic Type testing guide.

Highly authoritative language to guide reasoninginfobiased language

The skill uses strong, prescriptive language ('NEVER', 'Red flags', 'Principles') to enforce specific design choices and best practices. While aligned with the skill's goal of enforcing HIG compliance, this is a form of semantic manipulation designed to heavily influence the agent's reasoning.

70% confidenceline 260

NEVER - Add decorative animations that serve no UX purpose

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/ElvinOuyang/claude-skill-collection/ios-polish.svg)](https://mondoo.com/ai-agent-security/skills/github/ElvinOuyang/claude-skill-collection/ios-polish)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/ElvinOuyang/claude-skill-collection/ios-polish"><img src="https://mondoo.com/ai-agent-security/api/badge/github/ElvinOuyang/claude-skill-collection/ios-polish.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/ElvinOuyang/claude-skill-collection/ios-polish.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow