xcode-build
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to execute standard Apple development utilities like xcodebuild and xcrun. These actions are aligned with the skill's stated purpose.
- [DATA_EXPOSURE] (LOW): The skill provides examples for capturing application logs using /usr/bin/log stream. Users should be aware that logs may contain sensitive information depending on the application's behavior.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. 1. Ingestion points: Command output from xcodebuild and xcrun, and project configuration files (.xcodeproj, .xcworkspace). 2. Boundary markers: Absent. 3. Capability inventory: Bash command execution, file system read/write, and process management (kill). 4. Sanitization: Absent. Maliciously crafted project metadata, file paths, or application logs could potentially influence the agent's behavior if processed without sanitization.
Audit Metadata