asc-subscription-localization
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions and shell command examples for using the 'asc' CLI tool to manage App Store Connect localizations. All operations are consistent with the skill's stated purpose of bulk-localizing subscription metadata.
- [COMMAND_EXECUTION]: The skill uses the 'asc' command-line interface to interact with App Store Connect services. These commands are standard for this task and do not involve unauthorized privilege escalation or suspicious execution patterns.
- [DATA_EXPOSURE]: The skill mentions the use of environment variables (e.g., 'ASC_APP_ID', 'ASC_*') for authentication. This is a standard and safe practice for CLI tool configuration compared to hardcoding secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided text for 'name' and 'description' fields which are then used in CLI commands. While this is an ingestion surface, the context is limited to Apple's App Store Connect API parameters, representing a standard operational risk handled by the underlying agent and CLI tool.
Audit Metadata