app-store-screenshots
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches app metadata and screenshot assets from trusted Apple services, including itunes.apple.com and mzstatic.com.
- [COMMAND_EXECUTION]: Provides automation scripts using Puppeteer to render and capture screenshots from a locally served HTML tool.
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill processes data from external App Store listings.
- Ingestion points: content from itunes.apple.com and apps.apple.com as identified in SKILL.md and itunes-api.md.
- Boundary markers: No explicit markers are used to delimit external metadata in processing prompts.
- Capability inventory: File system writing and network requests across Python and Node.js scripts.
- Sanitization: Relies on standard JSON parsing and specific regex patterns for asset URL identification.
Audit Metadata