asc-workflow

Warn

Audited by Socket on Mar 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is internally coherent for repo-local release automation, but it grants a workflow engine arbitrary shell execution and can trigger real App Store release actions through an unofficial third-party `asc` CLI. No clear credential theft or exfiltration is shown, so this is not malware; risk is mainly from shell-capable automation plus third-party CLI trust.

Confidence: 87%
Severity: 57%
Audit Metadata
Analyzed At: Mar 28, 2026, 06:56 PM
Package URL: pkg:socket/skills-sh/rudrankriyam%2Fapp-store-connect-cli-skills%2Fasc-workflow%2F@4bcebb36b1957d8fefb0332fbb57dcd7bb9825d3