axiom-app-store-connect-ref
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is strictly a reference document for Apple's App Store Connect platform. It does not include executable scripts or instructions that bypass safety protocols.
- [DATA_EXFILTRATION]: While the skill mentions data export and API usage, it refers exclusively to official Apple domains and services (e.g., appstoreconnect.apple.com). It uses placeholders for application IDs and API keys, adhering to best practices for documentation.
- [COMMAND_EXECUTION]: Provides standard command-line examples for local crash symbolication using macOS developer utilities (atos, mdfind, grep). These examples are provided for educational purposes and do not facilitate unauthorized execution or persistence.
- [PROMPT_INJECTION]: The skill documents workflows for analyzing external data (crash logs, TestFlight feedback), which is a surface for indirect prompt injection. This is associated with the intended primary purpose of the skill.
- Ingestion points: External crash logs (.ips, .crash files) and TestFlight feedback submissions (comments, screenshots) described in SKILL.md.
- Boundary markers: No specific boundary markers or 'ignore instructions' warnings are defined in this reference.
- Capability inventory: Mentions the crash-analyzer agent and /axiom:analyze-crash command, along with MCP tools like reviews_create_response and metrics_get_diagnostic_logs.
- Sanitization: No sanitization or validation steps are provided for the external content.
Audit Metadata