xcode-test
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install an unverified third-party tool using `npx xcodebuildmcp@latest`. This introduces a supply chain risk as the package is not from a trusted organization or repository list.
- [COMMAND_EXECUTION] (LOW): Uses local system commands via MCP to build and run iOS applications. While this is the intended functionality, it grants the agent control over the local build and simulator environment.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes raw simulator logs without sanitization or clear boundary markers.
  - Ingestion points: `mcp__xcodebuildmcp__get_sim_logs`
  - Boundary markers: Absent
  - Capability inventory: `mcp__xcodebuildmcp__build_ios_sim_app`, `mcp__xcodebuildmcp__install_app_on_simulator`, `mcp__xcodebuildmcp__launch_app_on_simulator`
  - Sanitization: Absent
Audit Metadata