xcodebuildmcp-snapshot-fixture-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines commands for local validation, including
npm run test:snapshots,npm run test:schema-fixtures, andnpx skill-check. These are typical for project testing and maintenance and do not involve suspicious actions. - [EXTERNAL_DOWNLOADS]: The skill references documentation hosted at
xcodebuildmcp.comand utilizesnpx, which may download packages from the public npm registry. These operations target project-specific resources or well-known services and are documented neutrally. - [PROMPT_INJECTION]: The skill processes untrusted external data via test fixtures located in
src/snapshot-tests/__fixtures__/**. Ingestion points: Test fixture files. Boundary markers: Absent. Capability inventory: Local npm and npx execution. Sanitization: Absent. The potential for indirect prompt injection is mitigated by the skill's explicit instructions for review-only behavior and requirement for manual intervention for any code changes.
Audit Metadata