asc-whats-new-writer

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using git to retrieve commit history and the asc CLI tool to manage App Store metadata. These operations are functional requirements for the skill's purpose.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted data from git logs and user-provided text. This data is used to generate the 'What's New' text, which is eventually uploaded to the App Store.
    • Ingestion points: Git commit messages and user-provided descriptions in 'Phase 1: Gather Input'.
    • Boundary markers: No explicit delimiters or instructions are used to isolate the untrusted input from the agent's instructions or to warn the agent about embedded instructions.
    • Capability inventory: The skill has the capability to execute shell commands (git, asc) and perform updates to App Store metadata (write access).
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the input text before it is processed by the model to generate the release notes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 02:48 PM