asc-whats-new-writer
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted data from git log output and user-provided text. Malicious instructions within these inputs could potentially manipulate the AI to include unwanted content in the generated release notes.
- Ingestion points: git log output, user-provided bullet points, and free text (SKILL.md).
- Boundary markers: Absent; the instructions do not use delimiters or instructions to ignore embedded commands.
- Capability inventory: Executes git commands and the asc CLI tool to interact with App Store Connect.
- Sanitization: Absent; no verification or cleaning of input text is performed before processing.
- [COMMAND_EXECUTION]: The skill utilizes shell commands including git and the asc CLI tool. While these are necessary for its stated purpose of managing App Store metadata, they provide a execution capability that could be targeted if an injection attack were successful.
Audit Metadata