xcode-build-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts (scripts/benchmark_builds.py and scripts/diagnose_compilation.py) to execute the xcodebuild command-line tool via the subprocess module. These calls are used to perform build benchmarks and diagnostics. The commands are constructed using argument lists rather than shell strings, which is a best practice to mitigate shell injection risks. This execution is central to the skill's primary purpose.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md specify that the agent may perform local git operations, such as git log and git cherry-pick, to maintain a buildable project state in worktree environments.
  • [DATA_EXPOSURE]: The skill audits build settings by reading project metadata files including .xcodeproj and project.pbxproj. This data is processed locally to generate optimization recommendations and does not involve external transmission of sensitive configuration.
  • [SAFE]: The skill implements a robust security posture by requiring an 'Approval Gate' where the agent must present a plan and wait for explicit developer consent before delegating modification tasks to other fixer skills.
  • [SAFE]: Analysis of Indirect Prompt Injection surface (Category 8):
      1. Ingestion points: The skill reads local project files (project.pbxproj) and benchmark JSON artifacts to generate reports.
      2. Boundary markers: While explicit boundary markers are absent in the scripts, the orchestration workflow mandates that the agent present its findings for human review before taking action.
      3. Capability inventory: The skill executes xcodebuild and git commands, and writes report files to the .build-benchmark/ directory.
      4. Sanitization: Project files are parsed using targeted regular expressions in generate_optimization_report.py, which provides structural validation of the ingested data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 02:54 PM