asc-release-flow
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's instructions are entirely consistent with its stated purpose of automating App Store Connect workflows. No evidence of prompt injection, obfuscation, or unauthorized data access was found.\n- [COMMAND_EXECUTION]: The skill is designed around the execution of the "asc" CLI tool. It provides specific command patterns for validating builds, updating app metadata, and managing App Store submissions. This is the expected and legitimate behavior for a release management skill.\n- [DATA_EXPOSURE_&_EXFILTRATION]: The skill references the use of App Store Connect credentials, such as API keys or session data, via environment variables or a login command. These are standard requirements for interacting with Apple's services and are handled in accordance with typical CLI tool patterns without any signs of exfiltration.\n- [INDIRECT_PROMPT_INJECTION]: The skill uses local metadata files as input for the release process, which represents a potential attack surface if those files were to contain malicious instructions. However, the instructions guide the agent to use these files as data for tool arguments, not as sources for its own logic.\n
- Ingestion points: Files within the user-provided
--metadata-dir.\n - Boundary markers: None explicitly mentioned.\n
- Capability inventory: Subprocess execution of the "asc" CLI tool for app management and submission.\n
- Sanitization: No explicit sanitization of metadata file content is described in the skill.
Audit Metadata