skills/plyght/dotfiles/asc-iap-attach/Gen Agent Trust Hub

asc-iap-attach

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Python's subprocess module to interact with the macOS security CLI for retrieving authentication cookies from the system Keychain. It also uses python3 -c to execute its logic, which is standard behavior for scripts of this nature.
  • [DATA_EXPOSURE]: The skill retrieves sensitive web session cookies (asc-web-session) from the macOS Keychain. This access is required to authenticate with Apple's internal 'iris' API. The skill demonstrates good security posture by explicitly instructing the agent never to print, log, or echo these cookies, and by ensuring they are only transmitted to the official appstoreconnect.apple.com domain.
  • [REMOTE_CODE_EXECUTION]: Automated scans flagged potential remote code execution; however, manual analysis confirms this is a false positive. The skill uses urllib.request to fetch JSON data from an official Apple API and parse it. No downloaded data is executed as code or passed to shell commands.
  • [PROMPT_INJECTION]: The skill processes data returned from external API calls (item names, IDs, and states).
  • Ingestion points: JSON responses from https://appstoreconnect.apple.com/iris/v1/.
  • Boundary markers: None used in the script output.
  • Capability inventory: Subprocess execution and network operations via urllib.
  • Sanitization: No explicit sanitization of the API-provided strings is performed, but as the data source is a trusted service provider (Apple), the risk of indirect prompt injection is negligible.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 05:02 AM
Security Audit — agent-trust-hub — asc-iap-attach