asc-release-flow

SUSPICIOUS: the skill’s capabilities mostly align with App Store release management, and requested data is proportionate, but it routes sensitive App Store Connect operations and credentials through a third-party `asc` CLI, including experimental web-session flows. That makes it higher-trust than an Apple-official workflow and introduces medium security risk, though there is no clear evidence of malware or unrelated credential harvesting in the skill itself.