build-distribution
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of standard Apple development tools including security, codesign, and xcrun for certificate management and build distribution. These commands are legitimate and necessary for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill instructions involve processing user-provided app metadata and build configurations, which serves as a potential surface for indirect prompt injection. * Ingestion points: App Store metadata (name, description, keywords) and build settings reviewed via XcodeBuildMCP. * Boundary markers: Not explicitly provided in the workflow. * Capability inventory: Shell execution of developer tools and access to build environments. * Sanitization: No specific sanitization or validation steps for project metadata are described.
Audit Metadata