xcodebuildmcp-packaging-resource-review
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions are focused on legitimate build and packaging review tasks. No signs of obfuscation, malicious command patterns, or unauthorized data access were found.
- [COMMAND_EXECUTION]: The skill directs the agent to execute standard project build and validation commands, including npm run build, npm run verify:portable, and npx skill-check. These are expected development activities performed within the local project context.
- [PROMPT_INJECTION]: The skill involves reviewing external project files (e.g., package.json, scripts, manifests), which introduces a potential surface for indirect prompt injection. This is inherent to code review tasks and is managed by the agent's internal safety guardrails.
  - Ingestion points: Files specified in the 'Files to inspect' list (e.g., package.json, scripts/copy-build-assets.js, manifests/**).
  - Boundary markers: None explicitly mentioned in the instructions.
  - Capability inventory: Execution of local build scripts and validation tools via npm and npx.
  - Sanitization: None specified for the content of the reviewed files.
Audit Metadata