[nmgycombinator]

The PoC code should work. You just need to install Kass as a dependency. If you have done that, are there any other issues you are facing?

As far as risks are concerned: any app with the ability to get a send right to NetAuthAgent (pretty much any un-sandboxed app) can just silently as NetAuthAgent for any saved credentials for file drives (FTP, WebDAV, Samba, etc.), as well as chaining into a leak of all iCloud Contacts and Calendars (plus other stuff from iCloud). Sandboxing makes it difficult, but not impossible.

The risks are zero if you're up to date (and the patch was in October of last year, so you honestly should be up to date already). If you are not up to date for whatever reason and choose not to be, the risks are far more (unless you diligently check every single process that ever runs on your device).