asc-iap-attach
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Python's
subprocessmodule to interact with the macOSsecurityCLI for retrieving authentication cookies from the system Keychain. It also usespython3 -cto execute its logic, which is standard behavior for scripts of this nature. - [DATA_EXPOSURE]: The skill retrieves sensitive web session cookies (
asc-web-session) from the macOS Keychain. This access is required to authenticate with Apple's internal 'iris' API. The skill demonstrates good security posture by explicitly instructing the agent never to print, log, or echo these cookies, and by ensuring they are only transmitted to the officialappstoreconnect.apple.comdomain. - [REMOTE_CODE_EXECUTION]: Automated scans flagged potential remote code execution; however, manual analysis confirms this is a false positive. The skill uses
urllib.requestto fetch JSON data from an official Apple API and parse it. No downloaded data is executed as code or passed to shell commands. - [PROMPT_INJECTION]: The skill processes data returned from external API calls (item names, IDs, and states).
- Ingestion points: JSON responses from
https://appstoreconnect.apple.com/iris/v1/. - Boundary markers: None used in the script output.
- Capability inventory: Subprocess execution and network operations via
urllib. - Sanitization: No explicit sanitization of the API-provided strings is performed, but as the data source is a trusted service provider (Apple), the risk of indirect prompt injection is negligible.
Audit Metadata