Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
|
|
||
| ## Installation | ||
|
|
||
| [](https://www.agentaudit.dev/skills/xcodebuildmcp) |
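Review bot: the link to https://www.agentaudit.dev/skills/xcodebuildmcp follows the `## Installation` heading in this hunk, so it sits where readers expect install steps, and it points at a domain outside this repository, so whatever rating is shown there is controlled by a third party. If the maintainers decide to keep it, move it out of the Installation section and confirm that the project intends to endorse the target before merging.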
Unverified external service badge links to unknown domain
Medium Severity
The badge links to agentaudit.dev, an external third-party service with limited web presence and no verifiable connection to established security auditing organizations. Adding a "Safe" security badge from an unverified source to the project README could mislead users into a false sense of security and lends the project's reputation to promote a third-party service. This pattern (unsolicited PRs adding third-party badges) is a known social engineering vector for building credibility for new services.
Triggered by project rule: Bugbot Review Guide for XcodeBuildMCP
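
A maintainer-side check for the pattern the review comment above describes, as an added example that is not part of this PR or the project's own code: it reads a unified diff and reports links added to Markdown files whose host is not on a maintainer-approved list. The allowlist, the function names and the sample diff are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the maintainers have already agreed may appear in docs.
ALLOWED_HOSTS = {"github.com", "img.shields.io"}

# Any http(s) URL; stops at whitespace, quotes and Markdown/HTML delimiters,
# so it covers inline links, nested badge images and raw <a>/<img> tags.
URL_RE = re.compile(r"https?://[^\s<>()\"'\]]+")

def added_links(diff_text, suffixes=(".md",)):
    """Yield (path, url) for each URL on an added line of a matching file."""
    path = None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header: track the path
            path = line[4:].strip()
            if path.startswith("b/"):
                path = path[2:]
        elif line.startswith("+") and path and path.endswith(suffixes):
            for url in URL_RE.findall(line[1:]):
                yield path, url

def unreviewed_hosts(diff_text, allowed=frozenset(ALLOWED_HOSTS)):
    """Return (path, host, url) for added links whose host is not allowlisted."""
    findings = []
    for path, url in added_links(diff_text):
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed:
            findings.append((path, host, url))
    return findings

# Constructed sample diff: a badge image wrapped in a link, as in this PR.
SAMPLE_DIFF = """\
--- a/README.md
+++ b/README.md
@@ -10,1 +10,2 @@
 ## Installation
+[![badge](https://img.shields.io/badge/example-ok-green)](https://www.agentaudit.dev/skills/xcodebuildmcp)
"""

if __name__ == "__main__":
    for path, host, url in unreviewed_hosts(SAMPLE_DIFF):
        print(f"{path}: link to unreviewed host {host}: {url}")
```

The check flags the link target even when the badge image itself is served from an allowlisted host, which is the case a reviewer is most likely to miss.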


AgentAudit Security Badge
This PR adds a security badge from AgentAudit, an open security registry for AI packages.
Your package has been officially audited by AgentAudit and received a Safe rating with no security findings.
🔗 View full audit report
What is AgentAudit?
AgentAudit is a transparency-first security registry that audits MCP servers, AI skills, and agent packages. Our audits use a 3-pass methodology (understand → detect → classify) to minimize false positives while catching real vulnerabilities.