xcodebuildmcp-tool-contract-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for validation, including npm run docs:check, npm run typecheck, and npx skill-check. These are standard development tasks, but they execute code from the local environment and from the npm registry.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes content from untrusted external files.
  - Ingestion points: Multiple project files, such as src/mcp/tools/**, manifests/tools/*.yaml, and manifests/workflows/*.yaml, are read into the agent's context for review.
  - Boundary markers: The skill neither uses explicit delimiters (such as XML tags or unique string markers) to separate these file contents from the agent's instructions nor includes a warning to ignore instructions embedded in the reviewed data.
  - Capability inventory: The agent is granted capabilities to read filesystem contents and execute shell commands (npm, npx).
  - Sanitization: No evidence is provided that the file contents are sanitized, filtered, or validated before the agent processes the text.