xcode-app-project-workflow
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's subprocess.run to execute a local utility script (detect_xcode_managed_scope.sh) for project identification. The implementation follows security best practice by passing the command and its arguments as a list rather than a single shell string, so the project path reaches the script as one argv entry and is never parsed by a shell, which mitigates common command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes references to the author's official GitHub repositories and established technology organizations for installation and discovery purposes. These references are transparently documented and point to legitimate development resources.
- [SAFE]: The skill proactively implements a 'Mutation Risk Policy' that enforces explicit user warnings and opt-in requirements for direct edits to sensitive project files like .pbxproj. It also adheres to a 'docs-first' rule, prioritizing official documentation over potentially stale model memory.
Audit Metadata