swift-tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script `scripts/run-tests.sh` uses the `eval` command to execute an `xcodebuild` command string that is dynamically constructed from user-supplied arguments.
  - Evidence: In `scripts/run-tests.sh`, the variable `CMD` is built by concatenating parameters such as `SCHEME`, `DEVICE`, and `TEST_CLASS` without shell escaping, and then executed via `eval "${CMD}"`.
  - Risk: This pattern is vulnerable to command injection. An attacker could provide arguments containing shell metacharacters (e.g., `;`, `&&`, or backticks) to execute arbitrary commands on the host system.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where untrusted data could influence agent actions through the test-runner script.
  - Ingestion points: Script arguments in `scripts/run-tests.sh` including `--scheme`, `--device`, `--class`, and `--method`.
  - Boundary markers: The script does not utilize boundary markers or explicit instructions to prevent the interpretation of embedded shell commands in the arguments.
  - Capability inventory: The skill includes the capability to execute subprocesses and system commands via `eval` within `scripts/run-tests.sh`.
  - Sanitization: There is no evidence of input validation, sanitization, or shell-safe escaping of parameters before they are interpolated into the execution string.
Audit Metadata