xcodebuild-notify
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
hooks/scripts/xcodebuild-notify.shdynamically constructs anosascriptcommand to display notifications. It extracts parameters like the scheme and project name from the agent's previous tool input and interpolates them directly into an AppleScript string. Because these variables are not escaped, an attacker (e.g., via indirect prompt injection) could provide a value containing double quotes or other AppleScript control characters to break out of the string and execute arbitrary commands via thedo shell scriptcommand or other AppleScript features. - [INDIRECT_PROMPT_INJECTION]: The skill exposes a vulnerability surface where untrusted data influences code execution.
- Ingestion points:
hooks/scripts/xcodebuild-notify.shreads.tool_input.commandfromstdin(piped JSON). - Boundary markers: None. The script processes the raw command string without validation or isolation.
- Capability inventory: The script has the capability to execute AppleScript via
osascript, which can interact with the system or execute shell commands. - Sanitization: Absent. There is no escaping or filtering of special characters (such as
",;, or&) before passing extracted values to the shell for execution. - [EXTERNAL_DOWNLOADS]: The skill documentation specifies a requirement for
jq, suggesting users install it viabrew install jq. Whilejqis a standard and trusted utility, the skill depends on the presence and integrity of this external binary on the host system path.
Audit Metadata