asc-localize-metadata

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses the established 'asc' CLI tool for all interactions with App Store Connect. It does not attempt to exfiltrate credentials or execute unauthorized code. All external dependencies mentioned are expected for the stated functionality.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes metadata from external sources (App Store Connect) for translation. However, it implements best practices to mitigate this risk.
    • Ingestion points: Metadata is ingested via 'asc localizations download' and individual asc list commands in SKILL.md.
    • Boundary markers: The LLM translation prompt template in SKILL.md uses """ (triple quotes) to wrap source metadata fields, helping the LLM distinguish data from instructions.
    • Capability inventory: The skill uses 'asc localizations upload' and 'asc apps info edit' to modify remote data.
    • Sanitization: Explicit character length validation (e.g., 30 for name/subtitle, 4000 for description) is enforced before any data is uploaded.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 08:50 AM