xcodebuildmcp-cli
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables an agent to execute the xcodebuildmcp CLI, granting it the ability to perform sensitive development operations such as compiling code, launching apps on simulators or devices, and attaching debuggers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it relies on the agent's discovery and parsing of local project configuration files.
- Ingestion points: Metadata is ingested from project files such as .xcodeproj and .xcworkspace via commands like discover-projects as documented in SKILL.md.
- Boundary markers: There are no explicit delimiters or safety instructions provided to the agent to treat discovered project metadata as untrusted.
- Capability inventory: The CLI provides powerful capabilities including UI automation (tapping, typing, screenshots), debugger attachment, and log session management as described in SKILL.md.
- Sanitization: The skill documentation does not describe any validation or sanitization of the data ingested from the project configuration files before it is processed.