xcode-project-setup
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes a local Swift script to modify Xcode project files programmatically. This method is safer than raw text manipulation using tools like sed.
- [EXTERNAL_DOWNLOADS]: The skill downloads the XcodeProj library as a dependency for its internal tooling and facilitates the addition of external Swift packages from well-known sources into the project.
- [PROMPT_INJECTION]: The skill accepts external inputs (repository URLs, project paths) that are used to construct shell commands and modify project structures, creating a surface for indirect injection.
- Ingestion points: CLI arguments defined in SKILL.md such as and <ProjectPath.xcodeproj>.
- Boundary markers: Absent. No specific delimiters or instructions to ignore embedded commands in these variables are provided.
- Capability inventory: Shell command execution via swift run and local file modification through the XcodeProj library.
- Sanitization: Absent. The instructions do not describe sanitization or escaping of user-provided paths or URLs.
- [SAFE]: The logic in main.swift is transparent and focuses on legitimate Xcode project configuration, such as injecting linker flags for Firebase compatibility.