Skills
skills/avdlee/xcode-build-optimization-agent-skill/xcode-build-benchmark/Gen Agent Trust Hub

xcode-build-benchmark

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes xcodebuild commands via a Python script to perform benchmarks.
  • Evidence: scripts/benchmark_builds.py uses subprocess.run with list-based arguments to invoke xcodebuild commands like clean, build, and -showBuildSettings, which is a secure practice that prevents shell injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and parses data from build logs and project configurations.
  • Ingestion points: build output and project metadata are parsed in scripts/benchmark_builds.py.
  • Boundary markers: Absent.
  • Capability inventory: The skill can execute arbitrary xcodebuild commands and write artifacts to the local .build-benchmark/ directory.
  • Sanitization: The script uses list-based subprocess execution to prevent shell command injection from untrusted inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 03:27 PM