explore-app-store

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from Apple's iTunes Search and Lookup APIs and Sensor Tower's public app intelligence endpoints. These are well-known and legitimate services for mobile application metadata.
  • [COMMAND_EXECUTION]: The skill is designed for local execution of Python scripts (scripts/explore.py) to perform tasks like keyword sweeps, chart analysis, and asset downloading.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. It processes untrusted data (app names, developer names, and descriptions) retrieved from external APIs and interpolates them into markdown reports (brief.md and details.md) which the agent may subsequently interpret as instructions.
  • Ingestion points: Untrusted data enters the context from itunes.apple.com and app.sensortower.com via scripts/appstore.py.
  • Boundary markers: The skill does not use boundary markers or "ignore instructions" delimiters when writing external app descriptions into markdown files.
  • Capability inventory: The skill's primary capabilities involve network requests using the Python standard library and writing results to the local file system. No arbitrary code execution (eval/exec) or system-level privilege escalation was detected.
  • Sanitization: There is no evidence of validation or sanitization of external metadata before it is rendered into output files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 12:09 PM
Security Audit — agent-trust-hub — explore-app-store