build-distribution
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes standard macOS developer commands for verifying code-signing identities and app signatures (e.g.,
security find-identity,codesign). These are legitimate diagnostic tools used according to their intended purpose within the development workflow. - [CREDENTIALS_UNSAFE]: The documentation provides instructions for managing code-signing certificates and provisioning profiles. It correctly advises storing CI/CD secrets securely and demonstrates the use of the macOS keychain for password management in CLI examples, adhering to security best practices.
- [EXTERNAL_DOWNLOADS]: The skill references standard industry tools such as Xcode, fastlane, and official Apple notarization services. All external references point to well-known, trusted utilities essential for the specified task of application distribution.
Audit Metadata