← Back to directory
Public SkillFlagged

macos-spm-app-packaging

Dimillian

Scaffold, build, and package SwiftPM-based macOS apps without an Xcode project. Use when you need a from-scratch macOS app layout, SwiftPM targets/resources, a custom .app bundle assembly script, or signing/notarization/appcast steps outside Xcode.

Security Summary

This skill includes a SKILL.md descriptor and ships with reference documentation. Security observations: an environment file included in the package and a safety bypass flag.

Source
GitHub
Last Scanned
May 5, 2026
License
Not specified

Evidence Index

security4
best practices5
description2
evals1
structure5

Category

security

Environment file included in skill package

Vettd coreOWASP LLM02

Found assets/templates/bootstrap/version.env — should be excluded from distribution

1 disputed
fail

Safety bypass flag detected

Vettd coreOWASP LLM06

Detected in assets/templates/package_app.sh:182 — `CODESIGN_ARGS=(--force --sign "-")`

fail

No external URLs in skill definition

Vettd coreOWASP LLM07

SKILL.md and references/ files do not reference external URLs

pass

No prompt injection or jailbreak signals detected

Vettd core

Scanned text content for instruction override, jailbreak framing, credential solicitation, and embedded injection markers

pass

Category

best practices

No clear workflow structure

Vettd core

Consider adding numbered steps or a structured procedure for the agent to follow

warn

Examples included

Vettd core

Found code blocks, input/output samples, or an examples section — concrete samples help agents pattern-match effectively

pass

Progressive disclosure used

Vettd core

SKILL.md body references files in references/, scripts/, or assets/ — agents can load additional context on demand instead of consuming everything upfront

pass

SKILL.md body length is reasonable

Vettd core

93 lines (recommended: under 500)

pass

Validation loop referenced

Vettd core

Instructions for the agent to validate its own work before proceeding

pass

Category

description

Description includes usage context

Vettd core

Good: description explains when to activate the skill

pass

Description within character limit

Vettd core

248/1024 characters used

pass

Category

evals

No evaluation test cases

Vettd core

Add an evals/ directory with test prompts and expected outputs to measure skill quality

warn

Category

structure

No scripts/ directory

Vettd core

Consider bundling reusable scripts for validation and automation

info

assets/ directory present

Vettd core

Static resources (templates, schemas, etc.) found

pass

references/ directory present

Vettd core

Additional documentation files available for progressive disclosure

pass

SKILL.md present

Vettd core

Required skill definition file found

pass

Valid name field

Vettd core

Name "macos-spm-app-packaging" follows spec (lowercase, hyphens, ≤64 chars)

pass