asc-subscription-localization
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute the asc CLI tool to interact with App Store Connect. It provides several command templates for listing, creating, and updating subscription and in-app purchase localizations (e.g., asc subscriptions localizations create).
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it instructs the agent to interpolate user-provided display names and descriptions directly into shell commands.
  - Ingestion points: User-provided strings for names and descriptions entering the agent's context during the localization workflow.
  - Boundary markers: Shell command arguments are enclosed in double quotes (e.g., --name "Display Name"), which provide basic delimitation but do not prevent injection if the input contains escaped quotes or other shell special characters.
  - Capability inventory: The skill has command execution capabilities via the asc tool.
  - Sanitization: The instructions do not specify any validation or sanitization requirements for the content provided by the user before it is executed as part of a shell command.
Audit Metadata