init-xcode-app
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local CLI tools including
xcodegen,xcodebuild, andnodeto generate, build, and verify the project structure. These operations are standard for the stated purpose of scaffolding an Xcode project. - [EXTERNAL_DOWNLOADS]: The CI configuration (
assets/modules/ci/ci.yml) includes steps to installxcodegenandswiftlintvia Homebrew within a GitHub Actions environment. These are well-known and standard development tools. - [PROMPT_INJECTION]: The skill includes functionality to ingest an optional
jtbd.jsonfile to populate project documentation and agent guidelines. This creates a surface for indirect prompt injection where instructions in the source file could influence an agent reading the generated project. - Ingestion points:
jtbd.jsonprocessed byscripts/render-jtbd.sh. - Boundary markers: Absent in the templating logic.
- Capability inventory: The skill performs file system operations, build commands, and script execution to initialize the project.
- Sanitization: No sanitization is performed on the data substituted into the templates.
Audit Metadata