sync-asc-skills
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a checkout of the
rorkai/app-store-connect-cli-skillsrepository to audit its contents for drift. This repository belongs to the skill's author. - [COMMAND_EXECUTION]: The skill executes the
asc(App Store Connect) command-line interface to retrieve help text, schemas, and capabilities to verify current CLI behavior. - [PROMPT_INJECTION]: The skill ingests data from external sources (repository files and CLI outputs), which establishes a surface for indirect prompt injection.
- Ingestion points: Content from the
rorkai/app-store-connect-cli-skillsrepository and outputs from theascCLI tool inSKILL.md. - Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious content embedded in the audited data.
- Capability inventory: The skill has the ability to execute shell commands (
asc), access the file system (git clone, file modifications), and interact with Git to open pull requests. - Sanitization: No explicit validation or escaping mechanisms are mentioned for the external data ingested during the audit process.
Audit Metadata