
xcode-build

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes Xcode workspaces and projects, which are untrusted external data sources.
  • Ingestion points: Path to .xcworkspace or .xcodeproj provided by user or discovered via Glob.
  • Boundary markers: Absent; the agent is instructed to use direct CLI tools on these files without validation.
  • Capability inventory: The xcodebuild tool inherently executes arbitrary shell scripts defined within the project's build phases.
  • Sanitization: Absent; there is no check for malicious scripts in the project file before building.
  • Command Execution (HIGH): The skill grants the agent broad access to the Bash tool to run powerful system utilities like xcodebuild and xcrun, which can be subverted by malicious project configurations to gain persistent access.
  • Data Exposure (MEDIUM): The use of /usr/bin/log stream allows the agent to capture real-time system or application logs.
  • Evidence: The provided patterns for log capture use predicates that could be expanded or bypassed to exfiltrate sensitive information from other system processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:02 AM