explore-app-store
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from Apple's iTunes Search and Lookup APIs and Sensor Tower's public app intelligence endpoints. These are well-known and legitimate services for mobile application metadata.
- [COMMAND_EXECUTION]: The skill is designed for local execution of Python scripts (
scripts/explore.py) to perform tasks like keyword sweeps, chart analysis, and asset downloading. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. It processes untrusted data (app names, developer names, and descriptions) retrieved from external APIs and interpolates them into markdown reports (
brief.mdanddetails.md) which the agent may subsequently interpret as instructions. - Ingestion points: Untrusted data enters the context from
itunes.apple.comandapp.sensortower.comviascripts/appstore.py. - Boundary markers: The skill does not use boundary markers or "ignore instructions" delimiters when writing external app descriptions into markdown files.
- Capability inventory: The skill's primary capabilities involve network requests using the Python standard library and writing results to the local file system. No arbitrary code execution (eval/exec) or system-level privilege escalation was detected.
- Sanitization: There is no evidence of validation or sanitization of external metadata before it is rendered into output files.
Audit Metadata