asc-shots-pipeline

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the koubou package (version 0.18.1) via pip. This is a third-party dependency not provided by a trusted vendor.
  • [COMMAND_EXECUTION]: Extensively uses shell commands for building iOS applications (xcodebuild), managing simulators (xcrun simctl), and orchestrating workflows (asc CLI).
  • [EXTERNAL_DOWNLOADS]: Includes instructions to run kou setup-frames, a command that performs network operations to download device frame assets from the internet.
  • [DATA_EXFILTRATION]: Contains commands to upload screenshots to remote services via asc screenshots upload. While this is the intended functionality for App Store Connect integration, it involves outbound network transmission of local data.
  • [COMMAND_EXECUTION]: The skill provides complex bash scripts for parallel execution and multi-locale capture, which involve spawning multiple background processes and shell environments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 08:50 AM
Security Audit — agent-trust-hub — asc-shots-pipeline