xcode-build-fixer
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `xcodebuild` commands and a bundled Python benchmark script (`scripts/benchmark_builds.py`). These operations are necessary for performance verification. The Python script uses `subprocess.run` with argument lists, which is a secure implementation that prevents shell command injection.
- [DATA_EXFILTRATION]: The skill uses `git ls-remote --tags` to verify version tags for remote Swift Package Manager dependencies. This is a read-only network operation used for legitimate dependency management and does not involve unauthorized data transmission.
- [PROMPT_INJECTION]: The skill ingests instructions from external files like `.build-benchmark/optimization-plan.md`. This represents a surface for indirect prompt injection, where an attacker could theoretically embed malicious instructions in the plan to manipulate the agent's behavior during code modification or build steps.
  - Ingestion points: Reads optimization recommendations and approval statuses from `.build-benchmark/optimization-plan.md` and processes developer-supplied instructions.
  - Boundary markers: Relies on a checkbox-based approval system in the markdown plan but lacks explicit delimiters or instructions to ignore embedded commands within the descriptive text.
  - Capability inventory: The skill has the capability to modify Xcode project configuration files, shell-based build phases, and Swift source code, and can subsequently trigger builds and benchmarks.
  - Sanitization: The skill mitigates risks by referencing specific before/after fix patterns in `references/fix-patterns.md` and adhering to a predefined execution workflow.
Audit Metadata