app-store-screenshots

Fail

Audited by Socket on Feb 24, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
- [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
- [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

This skill appears coherent and consistent with its stated purpose: research, build/export, localize, and upload App Store screenshots. The network endpoints and operations are appropriate and point to official Apple services and common tooling (Puppeteer, html2canvas). The primary security considerations are expected: protecting the App Store Connect private key (.p8), being cautious about using third-party CDNs for JavaScript (html2canvas), and the supply-chain risk associated with installing Puppeteer/npm dependencies. No malicious behavior or hidden credential exfiltration was found in the provided content.

LLM verification: The described automation aligns with end-to-end App Store screenshot workflows, including data ingestion from public APIs, local asset generation, localization, and ASC uploads. While the workflow is powerful and potentially sensitive (credential usage, extensive external data access), it is not inherently malicious. Key risk controls should include secure credential handling, restricted network access, explicit user consent for automated uploads, and auditing of actions. Treat as SUSPICIOUS-to-

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 24, 2026, 02:35 PM
Package URL
pkg:socket/skills-sh/onatcipli%2Fskills%2Fapp-store-screenshots%2F@c60609591a0607dd9a5c952793286f49c48c9b2b