asc-cli-usage
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly lists sensitive environment variables used for App Store Connect authentication, such as `ASC_PRIVATE_KEY`, `ASC_PRIVATE_KEY_B64`, `ASC_KEY_ID`, and `ASC_ISSUER_ID`. This documentation provides a roadmap for an attacker to target specific secrets for exfiltration via prompt injection or environment dumping.
- [COMMAND_EXECUTION] (MEDIUM): The skill's primary purpose is to instruct the agent to execute system commands (`asc`). This introduces risks of command injection if the agent attempts to interpolate untrusted user input or external data into the CLI flags (e.g., app names or build IDs).
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to process external data returned from the App Store Connect API.
  - Ingestion points: CLI output from `asc` (fetched from Apple's servers).
  - Boundary markers: Absent. There are no instructions to treat CLI output as untrusted data or use delimiters.
  - Capability inventory: The skill possesses the capability to execute system commands and access sensitive authentication tokens.
  - Sanitization: None. The agent is encouraged to parse various output formats (JSON, Table, Markdown) directly.
- [EXTERNAL_DOWNLOADS] (LOW): While the skill does not provide a download command, it assumes the presence of a third-party CLI tool (`asc`) that is not part of the standard environment, representing an unverifiable dependency.
Recommendations
- AI detected serious security threats
Audit Metadata