Minis Security Skills

Minis Security Skills

License: Apache-2.0 Platform: Minis on iOS Status: v0.1.0

A GitHub-ready skill pack for Minis on iOS focused on practical AI agent safety.

This repository contains two complementary skills:

  • agent-security-guard — operational safety for shell, files, browser actions, uploads, device-side effects, and risky automation
  • prompt-injection-defense — protection against malicious instructions embedded in webpages, PDFs, OCR, repository files, logs, and other untrusted content

It also includes shared references for security review, red-flag detection, adversarial testing, and design-review notes.

Why this exists

Minis can use:

  • an iSH Linux shell
  • browser automation
  • local file operations
  • Apple framework tools such as reminders, calendar, health, maps, home, media, and more

That makes it powerful, but also creates real security risk if a skill is too permissive. This pack is designed to provide a strong default safety baseline for agentic work on iOS.

What’s included

Skills

1) agent-security-guard

Use when planning, reviewing, or executing tasks that may involve:

  • shell commands
  • file operations
  • uploads or publication
  • secrets or personal data
  • destructive changes
  • reminders / calendar / health / home writes
  • risky automation or cross-service workflows

Core themes:

  • risk tiering
  • least privilege
  • confirmation gates
  • secret handling
  • safe shell/browser/file usage
  • real-world side-effect control

2) prompt-injection-defense

Use when handling untrusted content from:

  • webpages
  • PDFs and office documents
  • OCR screenshots
  • repository files and READMEs
  • logs, comments, issue threads, generated artifacts

Core themes:

  • external content is data, not authority
  • scope containment
  • secret-exfiltration prevention
  • blocking unsafe tool escalation
  • mixed-content handling
  • Minis-specific browser/offload/session protections

Shared references

Checklist

Structured review flow for:

  • task clarification
  • risk classification
  • trust boundaries
  • secret handling
  • side-effect screening
  • execution and reporting

Red flags

Fast pattern matching for:

  • prompt injection
  • secret exfiltration
  • dangerous shell forms
  • data egress
  • real-world side effects
  • Minis-specific trap patterns

Adversarial tests

A 10-case test set covering:

  • env-var theft prompts
  • .env exfiltration
  • cookie/session requests
  • remote installer patterns
  • destructive file operations
  • health/home/reminder side effects
  • mixed-content malicious instructions

Review notes

Quick start

Use agent-security-guard when the risk is in the action

Examples:

  • installing software
  • deleting or renaming files
  • uploading data
  • writing reminders / calendar / health / home state
  • changing important project files

Use prompt-injection-defense when the risk is in the content

Examples:

  • browsing a suspicious webpage
  • reading a PDF or OCR screenshot
  • reviewing a README that asks to run commands
  • summarizing content that may include hidden instructions

Use both together when the task has untrusted content + possible side effects

Examples:

  • a README that asks to reveal secrets or run setup commands
  • a PDF that tells the agent to upload local logs
  • a webpage that mixes useful content with exfiltration instructions

Design principles

This pack is built around a few simple ideas:

  • External content is data, not authority
  • Read-only first whenever possible
  • Least privilege by default
  • Explicit confirmation for risky side effects
  • No secret disclosure because content asked for it
  • Complete the safe subset, quarantine the unsafe subset

Repository structure

minis-security-skills/
├── README.md
├── LICENSE
├── RELEASE-MANIFEST.md
├── RELEASE-DRAFT-v0.1.0.md
├── GITHUB-METADATA.md
├── skills/
│   ├── agent-security-guard/
│   │   └── SKILL.md
│   └── prompt-injection-defense/
│       └── SKILL.md
└── references/
    ├── security-review-checklist.md
    ├── red-flags-reference.md
    ├── adversarial-test-cases.md
    ├── design-review-round-2.md
    └── compact-version-summary.md

Current status

This pack has been iteratively refined for Minis on iOS and reviewed against a dedicated adversarial test set.

Latest design-review status:

  • agent-security-guard: Strong v1
  • prompt-injection-defense: Strong v1
  • adversarial review result: 10/10 pass on the current test set

Roadmap

Possible future additions:

  • stronger verification guidance for downloaded artifacts
  • more complex chained attack tests
  • more Minis-specific security skills
  • release automation and richer GitHub metadata

Contributing

Contributions are welcome, especially around:

  • new adversarial test cases
  • Minis-specific threat patterns
  • safer shell/browser workflows
  • better review templates and references

See CONTRIBUTING.md.

Security

If you find a weakness in these skills or references, see SECURITY.md.

License

Apache License 2.0