preflight-permissions
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill modifies the system trust store by adding a self-signed certificate as a trusted root.
  - Evidence: The command 'security add-trusted-cert -d -r trustRoot' in Step 2 elevates a locally generated certificate to trusted status in the user's login keychain.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection: it reads project metadata and interpolates it into shell commands without validation.
  - Ingestion points: Reads 'project.yml' and '*.xcodeproj' files to extract project names, bundle IDs, and target names.
  - Boundary markers: No delimiters or sanitization logic is present to isolate project metadata from the command strings.
  - Capability inventory: Uses shell-level access to 'openssl', 'security', 'xcodebuild', 'open', and 'osascript'.
  - Sanitization: There is no evidence that the skill escapes or verifies metadata before interpolating it into sensitive commands, for example through placeholders like '{Project}.xcodeproj' or '{AppName} Dev'.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes Swift test code.
  - Evidence: Step 6 creates a 'PermissionSmokeTests.swift' file that is compiled and executed at runtime using 'xcodebuild test'.