xcode-build-orchestrator

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes xcodebuild and git commands via Python utility scripts (scripts/benchmark_builds.py and scripts/diagnose_compilation.py) to capture timing data and compiler diagnostics. These operations are conducted using structured argument lists to minimize risk and are strictly related to the skill's stated purpose of build optimization.
  • [PROMPT_INJECTION]: The skill possesses an ingestion surface for potential indirect prompt injection as it processes project metadata (project.pbxproj) and build logs to generate reports. This risk is managed through a mandatory approval checklist where the user must explicitly authorize any recommended fixes.
    • Ingestion points: project.pbxproj file contents and xcodebuild standard output logs.
    • Boundary markers: Absent; parsing relies on regex-based extraction of performance metrics.
    • Capability inventory: subprocess.run execution of build tools in benchmark and diagnosis scripts.
    • Sanitization: Data is processed via specific regex patterns designed to extract timing values and type-checking warnings rather than executing embedded instructions.
  • [SAFE]: No evidence of hardcoded credentials, unauthorized network exfiltration, persistence mechanisms, or code obfuscation was found. All analyzed scripts operate on local project files and store results in a designated .build-benchmark directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:28 PM