axiom-xcode-mcp-tools

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines workflows that use high-privilege tools such as ExecuteSnippet, which runs arbitrary Swift code, and XcodeRM/XcodeMV, which perform destructive file operations (deletion and moving) within the project directory.
  • [EXTERNAL_DOWNLOADS]: The documentation references an untrusted third-party repository (github.com/SoundBlaster/XcodeMCPWrapper) as a recommended solution for addressing MCP specification violations in some clients.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its workflows feed external, potentially attacker-controlled data into automated tool loops.
      • Ingestion points: Processes external data from build logs (GetBuildLog), IDE diagnostics (XcodeListNavigatorIssues), and test execution results (RunSomeTests).
      • Boundary markers: The workflows interpolate ingested data into subsequent logic without explicit delimiters or any instruction to ignore commands embedded in that data.
      • Capability inventory: Includes capabilities for file modification (XcodeUpdate), file deletion (XcodeRM), and code execution (ExecuteSnippet).
      • Sanitization: No evidence that diagnostic or test output is sanitized or validated before it is used to decide on 'fixes' or next steps in the BuildFix/TestFix loops.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 11:54 AM