asc-workflow
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local 'asc' (App Store Connect) commands and shell scripts defined in a repository-local JSON file.
- These commands are for automation tasks like build validation, TestFlight distribution, and App Store submission.
- Execution is restricted to the 'asc' CLI tool installed on the user's system.
- [SAFE]: The documentation includes explicit safety guidelines, such as advising users to treat workflow files as code and to only run trusted files from version control.
- [DATA_EXPOSURE_SURFACE]: The skill uses environment variables and parameters for sensitive IDs (APP_ID, GROUP_ID) but explicitly warns against mapping secrets into persisted step outputs.
Audit Metadata