app-store-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs network requests to Apple-owned domains (itunes.apple.com, apps.apple.com, and search.itunes.apple.com) to retrieve metadata. Although these are legitimate API endpoints, they are not present on the predefined whitelist of trusted domains for automated agents.
- [PROMPT_INJECTION] (LOW): An indirect prompt injection surface is present as the skill processes external, untrusted data from the App Store.
  1. Ingestion points: endpoints/reviews.md (fetches user reviews) and endpoints/app-lookup.md (fetches app descriptions).
  2. Boundary markers: The provided examples do not demonstrate the use of delimiters or instructions to ignore embedded commands in the retrieved data.
  3. Capability inventory: The skill utilizes shell execution for networking (curl) and data parsing (jq).
  4. Sanitization: No evidence of sanitization or filtering of retrieved content is included in the documentation.
- [COMMAND_EXECUTION] (LOW): The skill documentation relies on shell command execution. Examples in endpoints/developer.md demonstrate variable interpolation (e.g., ${DEV_ID}) into curl commands. If an agent dynamically populates these variables with unsanitized user input, it could potentially lead to command injection.