xcodebuildmcp-runtime-boundary-review

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill instructions direct the agent to analyze local source code and project documentation, creating a surface for potential instruction injection from those data sources.
  • Ingestion points: Project source files (src/runtime/**, src/cli/**, src/daemon/**) and remote documentation files hosted on xcodebuildmcp.com.
  • Boundary markers: No explicit markers are defined to differentiate between the skill's instructions and the content being reviewed.
  • Capability inventory: The agent is authorized to execute standard validation tools like npm test and npx skill-check.
  • Sanitization: Content from files and documentation is not sanitized or escaped prior to being processed by the agent.
  • [REMOTE_CODE_EXECUTION]: The validation section instructs the agent to run npx skill-check. While npx can dynamically fetch packages, this is an expected operation for verifying agent skills within the development environment.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill references a project-specific domain (xcodebuildmcp.com) for documentation access. This is a legitimate project resource and does not involve the exfiltration of sensitive information or the use of untrusted communication channels.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 08:35 AM