xcodebuildmcp-runtime-boundary-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as `npm test`, `npm run typecheck`, and `npx skill-check` to validate the integrity of the project's runtime boundaries and documentation. These commands are part of standard development and testing workflows.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to inspect and review external source code, manifests, and documentation files, it possesses an inherent surface for indirect prompt injection if the files being reviewed contain malicious instructions intended to influence the agent.
  - Ingestion points: Multiple source code files (`src/runtime/*.ts`), manifests (`manifests/**/*.yaml`), and documentation paths (`xcodebuildmcp.com/app/docs/_content/*.mdx`) listed in the review scope.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the inspected files are defined in the skill instructions.
  - Capability inventory: The skill has the ability to execute shell commands via `npm` and `npx` during the validation phase.
  - Sanitization: There is no indication of content sanitization or validation of the input files before the agent processes them.
Audit Metadata