axiom-shipping
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing an external dependency from a non-whitelisted source.
- Evidence: `skills/asc-mcp.md` instructs the user to run `mint install zelentsov-dev/asc-mcp@1.4.0`. This downloads and installs an executable tool from a personal GitHub repository that is not part of the trusted vendors list.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local shell commands to perform diagnostics and management tasks.
- Evidence: `skills/asc-mcp.md` utilizes `brew`, `mint`, and various `asc-mcp` tools. `skills/testflight-triage.md` and `skills/app-store-diag.md` use `xcsym`, `atos`, `mdfind`, `grep`, and `curl` to process crash logs and verify URLs.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted external data.
- Ingestion points: `skills/testflight-triage.md` (tester comments in TestFlight feedback) and `skills/app-store-diag.md` (App Review rejection messages from the Resolution Center).
- Boundary markers: The instructions do not specify strict boundary markers (like XML tags or delimiters) when reading or analyzing this external content.
- Capability inventory: The agent has the capability to execute shell commands (`xcsym`, `atos`, `grep`, `curl`) and interact with the App Store Connect API via MCP tools (e.g., `reviews_create_response`).
- Sanitization: There is no evidence of sanitization or filtering of the content ingested from tester feedback or reviewer messages before it is processed by the agent.
- [CREDENTIALS_UNSAFE]: While the skill handles sensitive API keys, it follows safe practices by instructing the user to manage them via environment variables and local configuration files.
- Evidence: `skills/asc-mcp.md` guides the user to set `ASC_KEY_ID`, `ASC_ISSUER_ID`, and `ASC_PRIVATE_KEY_PATH` as environment variables for the MCP server.
Audit Metadata