ios-ci-cd
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow templates use 'sudo xcode-select' to configure the build environment, which is a standard and necessary operation on macOS runners to ensure the correct Xcode version is active for the build process.
- [EXTERNAL_DOWNLOADS]: The CI scripts automate the installation of 'fastlane' via RubyGems and 'swiftlint' via Homebrew. These are well-established, widely-used development tools in the iOS ecosystem.
- [DATA_EXFILTRATION]: Configuration files include integrated Slack notification capabilities to report build outcomes and repository metadata. This behavior is standard for CI/CD systems to provide visibility into the development pipeline.
- [PROMPT_INJECTION]: The 'register_device' lane in the Fastlane template (assets/fastlane/Fastfile) uses the 'prompt' command to collect user input without explicit boundary markers or sanitization, representing a potential surface for indirect prompt injection during interactive use.
Audit Metadata