build-iphone-apps
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses high-privilege shell commands, specifically sudo xcode-select, to modify the system's active Xcode development path during environment configuration.
- [EXTERNAL_DOWNLOADS]: The workflow documentation recommends the installation of several third-party CLI utilities via Homebrew, including the use of an untrusted tap (ldomaradzki/xcsift) to install xcsift, a tool designed to parse xcodebuild output for AI agents.
- [COMMAND_EXECUTION]: The skill relies on an extensive list of local CLI tools to manage the app development lifecycle, including xcodebuild, xcrun, simctl, fastlane, xcodegen, and ios-deploy. These tools are executed in the local shell environment with user permissions.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it interpolates user-controlled data into shell command templates and project configuration files.
  - Ingestion points: User-provided project names, bundle identifiers, and application source code.
  - Boundary markers: Command templates do not employ delimiters or specific instructions to ignore embedded malicious content in user-provided strings.
  - Capability inventory: The skill can execute arbitrary shell commands, manage system configurations via sudo, and perform network requests through build tools.
  - Sanitization: There is no evidence of sanitization or validation of user-provided strings before they are incorporated into executable scripts or configuration files.
Audit Metadata