xcode-build
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to execute xcodebuild and xcrun commands. Although these tools can run arbitrary code through project-defined build phases, the severity is reduced because this is the primary functionality of the skill.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. * Ingestion points: Processes untrusted .xcodeproj and .xcworkspace files. * Boundary markers: Absent; commands are executed based on external project state. * Capability inventory: Full Bash execution for building and managing simulators. * Sanitization: No validation of project scripts or build settings is performed.
Audit Metadata