app-store-deployment
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes several GitHub Actions to automate CI/CD workflows, including third-party actions such as 'r0adkll/upload-google-play@v1'. While these sources are outside the explicit trusted list provided in the framework, they are industry-standard tools for the skill's primary purpose. Severity is downgraded to LOW per the primary purpose rule and [TRUST-SCOPE-RULE].\n- PROMPT_INJECTION (LOW): Evaluated as an Indirect Prompt Injection surface (Category 8).\n
- Ingestion points: Project version information is read from 'package.json' using the 'jq' utility.\n
- Boundary markers: Absent; the shell script does not use delimiters or warnings to isolate the parsed data.\n
- Capability inventory: High; the environment includes build tools ('xcodebuild', 'gradlew') and file system modification capabilities ('mv', 'jq') that could be targets for an injection attack via a compromised 'package.json'.\n
- Sanitization: None; the script assumes the 'version' field contains a safe string for shell interpolation.\n- REMOTE_CODE_EXECUTION (SAFE): An automated scanner flagged 'proguard-rules.pro' as a malicious URL. Technical review confirms this is a false positive; the string refers to a standard local configuration file for the ProGuard/R8 tool in Android development, not an external network destination.\n- COMMAND_EXECUTION (SAFE): Employs standard build and deployment commands ('xcodebuild', 'gradlew', 'xcrun', 'keytool'). All executed binaries are necessary for the stated purpose of app store submission.\n- CREDENTIALS_UNSAFE (SAFE): No hardcoded credentials were detected. The skill correctly demonstrates the use of 'System.getenv' in Gradle and GitHub Secret references in YAML files to manage sensitive keys and passwords.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata