test-xcode
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the 'xcodebuildmcp' package from the official NPM registry using 'npx'. This is a standard procedure for installing MCP tools and uses a well-known service.
- [COMMAND_EXECUTION]: The skill workflow involves executing commands to build projects and control iOS simulators. These actions are performed through specialized MCP tools like 'mcp__xcodebuildmcp__build_ios_sim_app' and 'mcp__xcodebuildmcp__boot_simulator'.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present.
- Ingestion points: Simulator logs are read into the agent context via 'mcp__xcodebuildmcp__get_sim_logs'.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands within logs are provided.
- Capability inventory: The skill can build, install, and launch applications, which involves local command execution.
- Sanitization: No sanitization or filtering of log content is implemented before processing.
Audit Metadata