spm-build-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/check_spm_pins.py executes the git ls-remote command using subprocess.run to verify tag availability for branch-pinned dependencies.
    Evidence: The script uses the standard library subprocess module with a list of arguments, which is a secure practice to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch metadata (git tags) from remote repositories.
    Evidence: These operations are targeted at URLs extracted directly from the project's own project.pbxproj file and are used solely for identifying version-pinning opportunities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:27 PM