asc-app-create-ui
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the asc CLI tool to perform actions like registering bundle IDs and viewing app details. App metadata provided by the user (Name, Bundle ID, SKU) is directly interpolated into these shell commands. This creates a risk of command injection if the metadata contains shell metacharacters.
- [PROMPT_INJECTION]: The skill processes external data (app metadata) that could originate from untrusted sources. It lacks input validation or boundary markers to prevent the agent from interpreting instructions embedded within this data.
  - Ingestion points: App metadata fields including Name, Bundle ID, and SKU in SKILL.md workflows.
  - Boundary markers: None present; data is directly interpolated into prompts and commands.
  - Capability inventory: Shell command execution via asc CLI and full browser automation capabilities (Playwright/MCP).
  - Sanitization: No sanitization or escaping of metadata is specified before interpolation.
- [SAFE]: The skill interacts with the official App Store Connect domain (appstoreconnect.apple.com), which is a well-known and trusted technology service.
- [SAFE]: Safety guardrails are explicitly defined to prevent the export of authentication cookies and to ensure that browser sessions remain visible to the user.
Audit Metadata