asc-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local 'asc' (App Store Connect) commands and shell scripts defined in a repository-local JSON file.
  • These commands are for automation tasks like build validation, TestFlight distribution, and App Store submission.
  • Execution is restricted to the 'asc' CLI tool installed on the user's system.
  • [SAFE]: The documentation includes explicit safety guidelines, such as advising users to treat workflow files as code and to only run trusted files from version control.
  • [DATA_EXPOSURE_SURFACE]: The skill uses environment variables and parameters for sensitive IDs (APP_ID, GROUP_ID) but explicitly warns against mapping secrets into persisted step outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:50 AM
Security Audit — agent-trust-hub — asc-workflow