asc-ppp-pricing
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the asc CLI tool for administrative tasks such as subscription setup and pricing management. This is the intended and legitimate primary purpose of the skill.
- [CREDENTIALS_UNSAFE]: The skill correctly recommends managing credentials via environment variables (ASC_*) or CLI-native login commands. No hardcoded API keys, tokens, or other sensitive credentials were found in the instructions.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection where untrusted data from a CSV file (e.g., ./ppp-prices.csv) is ingested via the --input flag. While used for pricing data, this represents a point where malicious data could enter the agent's context.
  - Ingestion points: ./ppp-prices.csv (referenced in SKILL.md)
  - Boundary markers: Absent
  - Capability inventory: Shell command execution via the asc CLI across multiple pricing workflows
  - Sanitization: Absent; the skill relies on the asc CLI tool to validate input data.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized network operations were detected. The skill's behavior is consistent with its stated purpose of assisting with App Store pricing strategy.