axiom-xcode-mcp-tools

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests data from external sources that could contain malicious instructions.
      * Ingestion points: Data enters the agent context through GetBuildLog, XcodeListNavigatorIssues, and XcodeRead.
      * Boundary markers: There are no instructions provided to use delimiters or warnings to ignore embedded instructions in the ingested data.
      * Capability inventory: The agent has access to ExecuteSnippet for code execution and XcodeRM for file deletion.
      * Sanitization: No sanitization or validation of the tool outputs is specified before processing.
  • Command Execution (LOW): The skill documents the use of ExecuteSnippet for running Swift code. While it notes the environment is sandboxed, this allows for the execution of dynamic logic within the session.
  • External Reference (LOW): The skill recommends an external tool via https://github.com/SoundBlaster/XcodeMCPWrapper. This repository is not part of the trusted organization list, though it is provided as a compatibility workaround rather than an automated download.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:41 PM