asc-testflight-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious bypass attempts or direct injection instructions were found in the skill content.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected; the tool uses standard arguments for app management.
- Indirect Prompt Injection (LOW): The skill possesses an indirect prompt injection surface because it interpolates user-provided text into command arguments. 1. Ingestion points: The '--whats-new' and '--email' arguments in SKILL.md. 2. Boundary markers: No delimiters or warnings are used for interpolated data. 3. Capability inventory: The skill utilizes the 'asc' CLI tool for network-based write operations to Apple services. 4. Sanitization: No sanitization or validation of input data is documented within the skill.
Audit Metadata