app-store-review-aso
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local Python scripts (`validate_store_readiness.py` and `generate_metadata_templates.py`) to automate readiness checks and metadata creation. These scripts are intended to run within the local project environment.
- [DATA_EXPOSURE]: The validation commands access the local filesystem (`--root .`) to audit project compliance and generate metadata files. This access is limited to the local workspace and aligned with the skill's purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing local project data.
  - Ingestion points: Local files accessed via the `--root .` path in the validation script.
  - Boundary markers: None explicitly defined in the instructions to separate code data from agent instructions.
  - Capability inventory: Execution of local Python scripts and file writes to the `docs/store/` directory.
  - Sanitization: No specific sanitization or validation logic is defined for the ingested project content.
Audit Metadata