asc-aso-audit

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the asc CLI to fetch and manage App Store metadata. These operations are standard administrative tasks for App Store Connect management and are clearly documented for the user.
  • [EXTERNAL_DOWNLOADS]: Keyword popularity metrics and competitor data are retrieved via the Astro MCP service. This integration is a legitimate functional requirement for performing the skill's ASO keyword gap analysis and popularity scoring.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata content (such as descriptions and keywords) from local JSON files. While this represents an indirect prompt injection surface, the risk is minimized as the skill's logic is restricted to structured audits (e.g., character counting, token intersection) rather than open-ended text execution.
    • Ingestion points: metadata/app-info/{locale}.json and metadata/version/{latest-version}/{locale}.json.
    • Boundary markers: None identified.
    • Capability inventory: Includes asc CLI commands and Astro MCP functions for keyword and competitor tracking.
    • Sanitization: Employs standard tokenization and length validation as part of its audit checks.
  • [SAFE]: Accesses local, non-sensitive application-specific metadata files stored in the ./metadata directory. These files contain public-facing App Store information and do not expose system credentials, personal data, or private keys.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 02:25 AM