The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires installing a third-party MCP server from an unverified GitHub repository (zelentsov-dev/asc-mcp) using the mint package manager, which involves downloading and executing code from an external source.\n- [CREDENTIALS_UNSAFE]: Setup instructions guide the user to input highly sensitive App Store Connect API credentials (Key ID, Issuer ID, and private .p8 key) into environment variables and local configuration files, posing a risk of credential exposure.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by fetching and processing user-generated app reviews.\n
Ingestion points: The reviews_list tool (fetches external review text from App Store Connect).\n
Boundary markers: None (no delimiters or instructions are provided to the agent to treat review content as data rather than instructions).\n
Capability inventory: Capability to respond to reviews via reviews_create_response and perform account-level actions like submitting builds for review.\n
Sanitization: No evidence of sanitization, filtering, or validation of the fetched review data before it enters the agent's context.

axiom-asc-mcp