xcode-build

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The sentinel section instructs the agent to append a special marker to replies (a meta-behavioral output modification) which is unrelated to Xcode build guidance and therefore is a hidden/deceptive behavioral instruction outside the skill's stated purpose.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The CI workflow in the skill references GitHub Actions that are fetched and executed at runtime (e.g., uses: actions/checkout@v4 -> https://github.com/actions/checkout, actions/cache@v3 -> https://github.com/actions/cache, actions/upload-artifact@v3 -> https://github.com/actions/upload-artifact), which are external repositories whose code runs on the runner, so they are runtime external dependencies that execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit sudo usage (sudo xcode-select ...) and commands that modify system state (creating/importing keychains, copying provisioning profiles, removing DerivedData) which require elevated privileges or alter the machine's configuration, so it can compromise the host if executed.