asc-crash-triage

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the asc command-line utility to perform its primary functions, including listing applications, fetching crash reports, and downloading performance diagnostics.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and summarize beta tester feedback via asc testflight feedback list. This ingestion of untrusted external data presents a theoretical surface for indirect prompt injection if malicious instructions are embedded in tester feedback.
  • Ingestion points: Data returned from asc testflight feedback list.
  • Boundary markers: Absent; the skill does not define specific delimiters for external feedback content.
  • Capability inventory: Use of asc CLI for metadata and crash retrieval; local file write capabilities via asc performance download.
  • Sanitization: No explicit sanitization or filtering of the feedback strings is mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:50 AM
Security Audit — agent-trust-hub — asc-crash-triage