asc-crash-triage
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
asccommand-line utility to perform its primary functions, including listing applications, fetching crash reports, and downloading performance diagnostics. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and summarize beta tester feedback via
asc testflight feedback list. This ingestion of untrusted external data presents a theoretical surface for indirect prompt injection if malicious instructions are embedded in tester feedback. - Ingestion points: Data returned from
asc testflight feedback list. - Boundary markers: Absent; the skill does not define specific delimiters for external feedback content.
- Capability inventory: Use of
ascCLI for metadata and crash retrieval; local file write capabilities viaasc performance download. - Sanitization: No explicit sanitization or filtering of the feedback strings is mentioned in the workflow.
Audit Metadata