ios
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill describes an automated workflow for parsing build logs and modifying scripts based on errors, creating an indirect prompt injection surface where malicious log content could influence agent actions.
- Evidence Chain:
- Ingestion points: Build output from xcodebuild and PhaseScriptExecution logs.
- Boundary markers: None specified for log parsing logic.
- Capability inventory: File system write access for script modification and command execution via xcodebuild.
- Sanitization: No sanitization of parsed error content is mentioned before script modification.
- [COMMAND_EXECUTION]: The skill uses standard Apple CLI tools including xcodebuild, xcrun, and xcodegen for project building, testing, and deployment.
- [EXTERNAL_DOWNLOADS]: Utilizes well-known dependency managers such as CocoaPods and Swift Package Manager to integrate external libraries.
Audit Metadata