asc-whats-new-writer

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from git history and user input to generate release notes.
    • Ingestion points: Git log output (git log ...), user bullet points, and conversational text input in SKILL.md.
    • Boundary markers: The skill does not define clear boundaries or provide instructions to the agent to treat the processed data as potentially malicious instructions.
    • Capability inventory: The agent is instructed to execute git and asc CLI commands (in SKILL.md), including uploading data to App Store Connect.
    • Sanitization: No sanitization or escaping mechanisms are specified for the input data before it is used to generate the asc command parameters.
  • [COMMAND_EXECUTION]: The skill constructs shell commands that incorporate text generated from external sources, presenting a risk of command injection.
    • Evidence: Instructions in Phase 4 of SKILL.md describe running asc apps info edit --whats-new "..." where the content is derived from git logs.
    • Context: While the skill includes a manual approval step (Step 2: Wait for Approval), the lack of programmatic sanitization instructions for the LLM remains a structural weakness.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 08:50 AM
Security Audit — agent-trust-hub — asc-whats-new-writer