mcp-tools
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing third-party MCP servers, specifically
xcodebuildmcp@latestand@kimsungwhee/apple-docs-mcp, using thenpx -ycommand which bypasses installation confirmation and executes code from the npm registry. - [COMMAND_EXECUTION]: The
XcodeBuildMCPtool enables the agent to execute shell commands such asxcodebuildfor project automation, building, cleaning, and project scaffolding, providing a significant capability for local system modification. - [PROMPT_INJECTION]: The skill contains instructions that attempt to override default agent behavior by mandating specific tool prioritization (e.g., "PRIORITY over Context7") and defining strict autonomous workflows ("MANDATORY validation").
- [DATA_EXFILTRATION]: Provides an indirect prompt injection surface through the ingestion of external data which could influence agent actions.
- Ingestion points: Documentation search, WWDC transcripts, and sample code via the
apple-docstool. - Boundary markers: No explicit delimiters or instructions are present to prevent the agent from following directives embedded in retrieved documentation.
- Capability inventory: Includes project building, file creation, and inspection of potentially sensitive build settings.
- Sanitization: No sanitization or validation of the external documentation or code samples is performed before processing.
- [NO_CODE]: The skill is informational and configuration-based, containing no local scripts or binaries; all operations are performed via external tools.
Audit Metadata