Leavn Final Build Push
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is authorized to use the Bash tool to execute 'xcodebuild' and other shell commands to diagnose and fix build issues. While necessary for its purpose, this capability allows the agent to execute any system command.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection because it reads and acts upon external data sources.
  - Ingestion points: The agent reads error logs from 'xcodebuild' stdout/stderr and reads/edits existing project source code files.
  - Boundary markers: There are no boundary markers or instructions telling the agent to treat build errors or file contents as data rather than instructions.
  - Capability inventory: The skill allows 'Bash' (command execution), 'Edit' (file modification), 'Read', and 'Grep'.
  - Sanitization: No sanitization is performed on the data read from files or logs. An attacker could place malicious instructions in source code comments or error-generating code that the agent might inadvertently follow.
Audit Metadata