app-store-reviews
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection Surface. The core functionality of this skill involves the agent ingesting and acting upon App Store reviews, which are untrusted external strings.
  - Ingestion points: references/analysis-prompts.md and references/reply-templates.md define how the agent should read and respond to reviews.
  - Boundary markers: The provided prompts do not utilize delimiters (like XML tags or triple quotes) or specific 'ignore instructions within data' directives when processing review text.
  - Capability inventory: The agent is designed to perform sentiment analysis, theme extraction, and generate automated replies to the public App Store via the App Store Connect API (documented in references/apple-endpoints.md).
  - Sanitization: There is no evidence of sanitization or filtering of the review body before it is passed to the LLM for classification or reply generation, creating a risk that malicious instructions in a review could influence the agent's output or behavior.
- Data Exposure & Exfiltration (SAFE): While references/apple-endpoints.md describes the use of sensitive credentials (JWTs and .p8 private keys), it uses safe placeholders (e.g., XXXXXX, ISSUER_ID) and standard implementation patterns for legitimate API integration. No hardcoded secrets were found.
Audit Metadata