xcodebuildmcp-cli

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands using the xcodebuildmcp CLI tool.
  • [PROMPT_INJECTION]: The skill interacts with external project data which presents an indirect prompt injection surface. Ingestion points: project paths, scheme names, and bundle IDs in SKILL.md. Boundary markers: none. Capability inventory: shell command execution via xcodebuildmcp. Sanitization: not mentioned in the documentation.
  • [SAFE]: No evidence of prompt injection, data exfiltration, or unauthorized code execution was found. The skill leverages a legitimate CLI tool for developer workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:30 AM