appstore-intel

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Category 2] Data Exposure & Exfiltration (SAFE): The skill performs network requests using web_fetch to itunes.apple.com and play.google.com. These operations are limited to fetching public app metadata and do not involve sensitive user data or hardcoded credentials.
  • [Category 8] Indirect Prompt Injection (LOW): The skill ingests untrusted data from app descriptions and reviews. While this presents an attack surface for indirect prompt injection, the risk is mitigated by the skill's limited capabilities, which are restricted to data retrieval and display.
      • Ingestion points: web_fetch calls to iTunes API and Google Play HTML pages in SKILL.md.
      • Boundary markers: Not explicitly implemented in the provided logic.
      • Capability inventory: Restricted to web_fetch and web_search for data retrieval.
      • Sanitization: No specific sanitization or escaping of fetched metadata is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 02:01 PM