build-macos-apps

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High exposure to indirect prompt injection (Category 8). In workflows/add-feature.md the skill reads existing source files and user-supplied requirements and passes them to the model without boundary markers or sanitization, so instructions embedded in a source file or a requirements document are indistinguishable from the user's own. The surface matters because the skill also holds high-privilege capabilities: it compiles code and runs commands through xcodebuild.
  • [COMMAND_EXECUTION] (HIGH): references/cli-observability.md instructs the agent to run 'networksetup' to set a web proxy. That is a system-level change to the named network service, not a setting scoped to the skill's own process, and a proxy configured this way can intercept or reroute the host's web traffic until it is unset.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): references/cli-observability.md recommends installing 'xcsift' via Homebrew from a third-party tap ('ldomaradzki/xcsift'). Formulae from a third-party tap are not reviewed by Homebrew's core maintainers, so the tap owner controls what is fetched, built and run; that is a supply-chain risk.
  • [DATA_EXFILTRATION] (MEDIUM): references/cli-observability.md reads crash and diagnostic reports from '~/Library/Logs/DiagnosticReports/'. The stated purpose is debugging, but those reports carry stack traces, loaded binary paths and process state for arbitrary applications on the machine, which an injected instruction could direct the agent to summarize or send elsewhere.
  • [COMMAND_EXECUTION] (MEDIUM): The workflow generates code, compiles it with 'xcodebuild' and launches the product with 'open'. This is a direct path from generation to execution, so code synthesized from untrusted or injected inputs runs with no review step in between.
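The command-level findings above can be checked mechanically before a skill is installed. The script below is an added example, not Gen Agent Trust Hub's scanner and not part of the build-macos-apps skill: it scans a skill's markdown for the patterns the audit names (a networksetup proxy change, a brew install from a tap other than homebrew/*, a DiagnosticReports path, and an xcodebuild-then-open chain in one file) and rolls the hits up to a risk level. The two sample files are constructed stand-ins, not the real workflows/add-feature.md or references/cli-observability.md; the tap path ldomaradzki/xcsift/xcsift and the homebrew/-only allow-list are assumptions. The prompt-injection finding is architectural and is not something this kind of pattern match can decide.

```python
"""Pattern checks for the audit findings above. Added example, not Gen Agent
Trust Hub's scanner; the sample skill text at the bottom is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    path: str
    line: int
    evidence: str


# Single-line rules mirroring the audit's findings. Treating every tap except
# homebrew/* as third-party is an assumption made for this example.
LINE_RULES = [
    ("COMMAND_EXECUTION", "HIGH",
     re.compile(r"\bnetworksetup\s+-set(?:webproxy|securewebproxy|"
                r"socksfirewallproxy|autoproxyurl)\b")),
    ("EXTERNAL_DOWNLOADS", "MEDIUM",
     re.compile(r"\bbrew\s+(?:tap|install)\s+(?!homebrew/)[\w.-]+/[\w.-]+")),
    ("DATA_EXFILTRATION", "MEDIUM",
     re.compile(r"~?/Library/Logs/DiagnosticReports\b")),
]

# Build-then-launch chain: an `open` of an .app bundle (or `open -a`) after
# xcodebuild appeared earlier in the same file.
BUILD_RE = re.compile(r"\bxcodebuild\b")
LAUNCH_RE = re.compile(r"(?:^|[\s`])open\s+(?:-a\s+\S+|\S+\.app\b)")

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def scan_file(path: str, text: str) -> list[Finding]:
    """Return every finding in one skill file, in line order."""
    findings = []
    built = False
    for n, line in enumerate(text.splitlines(), 1):
        for category, severity, rx in LINE_RULES:
            if rx.search(line):
                findings.append(Finding(category, severity, path, n, line.strip()))
        if BUILD_RE.search(line):
            built = True
        elif built and LAUNCH_RE.search(line):
            findings.append(Finding("COMMAND_EXECUTION", "MEDIUM", path, n, line.strip()))
            built = False  # one finding per build/launch pair
    return findings


def scan_skill(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of relative path -> file contents."""
    return [f for path, text in files.items() for f in scan_file(path, text)]


def risk_level(findings: list[Finding]) -> str:
    """Overall level is the highest severity present; LOW if nothing matched."""
    if not findings:
        return "LOW"
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)


# Constructed stand-ins for the skill's files; not the real contents.
SAMPLE_FILES = {
    "references/cli-observability.md": (
        "# CLI observability\n"
        "Install the log filter:\n"
        "\n"
        "    brew install ldomaradzki/xcsift/xcsift\n"  # tap path assumed
        "\n"
        "Route traffic through a local proxy for inspection:\n"
        "\n"
        "    networksetup -setwebproxy Wi-Fi 127.0.0.1 8080\n"
        "\n"
        "Crash logs land in ~/Library/Logs/DiagnosticReports/ on failure.\n"
    ),
    "workflows/add-feature.md": (
        "# Add a feature\n"
        "1. Read the user's requirements and the existing source.\n"
        "2. Build: `xcodebuild -scheme MyApp -configuration Release build`\n"
        "3. Launch the result: `open build/Release/MyApp.app`\n"
    ),
}

if __name__ == "__main__":
    found = scan_skill(SAMPLE_FILES)
    for f in found:
        print(f"[{f.category}] ({f.severity}) {f.path}:{f.line}: {f.evidence}")
    print("Risk Level:", risk_level(found))
```

Run it over a real skill by reading each `.md` under the skill directory into the `files` mapping. The chain rule only fires when `xcodebuild` precedes `open` within the same file, so a launch instruction on its own does not count; that keeps the check aligned with the audit's point, which is the unbroken generate, compile, run path rather than the presence of `open` itself.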
Recommendations
  • AI review detected serious security threats; the skill fails the audit (see Full Analysis above).
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:46 PM