asc-shots-pipeline
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
kouboupackage (version 0.18.1) viapip. This is a third-party dependency not provided by a trusted vendor. - [COMMAND_EXECUTION]: Extensively uses shell commands for building iOS applications (
xcodebuild), managing simulators (xcrun simctl), and orchestrating workflows (ascCLI). - [EXTERNAL_DOWNLOADS]: Includes instructions to run
kou setup-frames, a command that performs network operations to download device frame assets from the internet. - [DATA_EXFILTRATION]: Contains commands to upload screenshots to remote services via
asc screenshots upload. While this is the intended functionality for App Store Connect integration, it involves outbound network transmission of local data. - [COMMAND_EXECUTION]: The skill provides complex bash scripts for parallel execution and multi-locale capture, which involve spawning multiple background processes and shell environments.
Audit Metadata