using-xtool
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by reading untrusted project files and using their content to drive system execution.
  - Ingestion points: 'xtool.yml', 'Package.swift', and 'Info.plist' (SKILL.md).
  - Boundary markers: Absent; no instructions provided to distinguish data from instructions.
  - Capability inventory: Arbitrary command execution via 'xtool dev' and 'xtool setup', plus sensitive credential handling via 'xtool auth login'.
  - Sanitization: Absent; the agent is instructed to trust the project structure for build operations.
- [External Downloads] (MEDIUM): The skill instructions rely on 'xtool', a non-standard third-party binary for iOS development whose security provenance and source code are unverified.
- [Command Execution] (MEDIUM): The skill directs the agent to execute various CLI commands for building and deploying applications, which could be exploited through malicious project configurations.
- [Data Exposure] (MEDIUM): The skill facilitates the use of high-privilege Apple ID authentication and certificate management through a third-party tool, posing a risk of credential compromise.
- [Metadata] (INFO): Automated scanner alerts for 'com.app' and 'com.apple.Sa' are false positives resulting from standard iOS bundle ID patterns and extension identifiers found in the skill documentation.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE