asc-apple-ads
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines various workflows that involve executing the
asc adsCLI tool to interact with Apple Ads services, which is the primary intended purpose of the skill. - [DATA_EXPOSURE]: The skill references sensitive file paths, specifically
~/.asc/apple-ads-private-key.pem, for the purpose of storing and accessing authentication keys required by theasc adsCLI for official API communication. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from external JSON files via the
--fileargument, creating a potential surface for indirect prompt injection if the files contain untrusted instructions. - Ingestion points: Data enters the agent context through local JSON files (e.g.,
reporting-request.json,campaign.json) passed toasc adscommands inSKILL.md. - Boundary markers: No specific boundary markers or delimiters are used to wrap the file content or warn the agent about embedded instructions.
- Capability inventory: The skill possesses the capability to execute subprocess commands via the
asc adsCLI. - Sanitization: The instructions do not include explicit sanitization or validation of the file content before it is processed by the CLI tool.
Audit Metadata