asc-app-create-ui
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions designed to bypass agent constraints or safety protocols were detected. The skill uses standard instructional language for task completion.
- [DATA_EXFILTRATION] (SAFE): The skill interacts with the sensitive App Store Connect portal but explicitly includes a safety guardrail forbidding the export or storage of browser cookies. No unauthorized network requests or hardcoded credentials were found.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes a CLI utility (
asc) to manage app resources. The commands are standard for the tool's purpose and do not involve suspicious shell piping or execution of downloaded scripts. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data (app names, SKU strings) which are then used in shell commands and browser automation. This creates a standard attack surface where malicious input could attempt to influence the CLI tool or browser state. The skill mitigates this by providing structured workflows and explicit instructions for the agent to handle fields carefully.
Audit Metadata