asc-apple-ads
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around executing the
ascCLI tool to interact with Apple Ads services. It provides detailed workflows for authentication, resource discovery (campaigns, ad groups, apps), and mutations (creation, updates, and deletions). All destructive actions, such asasc ads campaigns delete, are documented to require the--confirmflag, and the instructions explicitly advise against mutating live accounts without user approval. - [DATA_EXPOSURE]: The skill references a sensitive file path at
$HOME/.asc/apple-ads-private-key.pemfor authentication purposes. This is standard configuration for theasctool when managing Apple Search Ads and is documented as a parameter for theasc ads auth logincommand. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its reliance on external JSON files for command payloads.
- Ingestion points: Multiple commands (e.g., in
SKILL.md) use the--fileflag to ingest JSON data for creating or updating campaigns and ad groups. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within these JSON files.
- Capability inventory: The skill can execute subprocesses (
asc), read local files, and perform network operations via the API. - Sanitization: No sanitization or validation of the ingested JSON content is mentioned.
- Note: This is an inherent risk of tools that process external configuration files and does not indicate malicious intent in the skill itself.
Audit Metadata