The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill provides instructions to read and display the contents of .env files using commands like cat <APP_DIR>/.env. These files are explicitly stated to contain sensitive information such as Clerk API keys (pk_live_...).
[COMMAND_EXECUTION]: The skill relies on several powerful command-line operations to perform builds, including npm install, npx expo prebuild, and xcodebuild. These commands give the agent significant control over the local development environment and file system.
[EXTERNAL_DOWNLOADS]: The use of npm install and npx involves fetching and executing third-party code from external package registries. The skill does not specify version pinning or integrity verification for these dependencies.
[PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection (Category 8) because it processes external data from local source files (grep on source code) and interacts with the App Store Connect web interface via a browser extension. Malicious content in these external sources could potentially influence the agent's subsequent actions.
Ingestion points: cat <APP_DIR>/app.json, grep on source code, and browser interaction with appstoreconnect.apple.com.
Boundary markers: None present in the instructions to prevent the agent from following instructions found within the files or web pages it reads.
Capability inventory: File system access (read/write), command execution (xcodebuild, npm), and network access via the browser.
Sanitization: No sanitization or validation is mentioned for the content read from files or the web.

ios-app-store-submission