[biot]

Are the plugins run in any kind of sandbox? Is there any security review performed on plugins other users submit?

[lstamour]

Apple doesn't sanction Xcode plugins and I'm pretty sure Xcode itself isn't sandboxed once you enter your developer password. I'm not sure of the details though.

As to the security review or process, perhaps badging -- that sounds like a good feature request. I'll bet there's an issue tracker... ;-)

[iloveponies]

Of course not. It's open source, nobody would do anything malicious right?