Skills
skills/rudrankriyam/app-store-connect-cli-skills/asc-shots-pipeline/Gen Agent Trust Hub

asc-shots-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the koubou Python package (version 0.18.1) and uses the kou setup-frames command to download device frame assets. These are legitimate requirements for the screenshot framing process.\n- [COMMAND_EXECUTION]: Orchestrates shell commands for xcodebuild, xcrun simctl, and developer tools such as axe and asc to automate the build, test, and capture workflow.\n- [DATA_EXFILTRATION]: Facilitates the upload of screenshots to App Store Connect via the asc screenshots upload command. This network operation is the primary purpose of the skill and targets official developer services.\n- [PROMPT_INJECTION]: The skill ingests UI hierarchy data using axe describe-ui, creating a surface for potential indirect prompt injection from application content.\n
  • Ingestion points: UI elements and metadata captured from the iOS simulator via the axe tool.\n
  • Boundary markers: None identified in the provided command sequences.\n
  • Capability inventory: Execution of shell commands for building, running, and managing simulator environments, as well as network uploads via CLI tools.\n
  • Sanitization: No explicit sanitization or validation of the ingested UI data is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 05:18 PM