triage-asc-issue
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches live issue data from GitHub and references documentation from an external site,
sosumi.ai. - [COMMAND_EXECUTION]: The skill instructs the agent to run the App Store Connect CLI for reproduction and to check
--helpoutput. - [PROMPT_INJECTION]: The skill processes untrusted data from GitHub issues and comments, which presents a risk of indirect prompt injection.
- Ingestion points: Reads issue body, comments, and linked PRs (File:
SKILL.md). - Boundary markers: None identified; the agent is not explicitly told to ignore instructions found within the fetched data.
- Capability inventory: Can execute CLI commands and interact with the local file system (docs, source, tests).
- Sanitization: The skill lacks explicit sanitization or validation of the content retrieved from external issues.
Audit Metadata