The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill executes various macOS development tools (security, codesign, xcodebuild, xcrun) required for the notarization process. These are the primary and intended functions of the skill.
Evidence: Commands like security find-identity and xcodebuild archive are standard for macOS app distribution.
[DATA_EXFILTRATION] (SAFE): The skill interacts with the macOS keychain to sign binaries locally. It does not attempt to exfiltrate private keys or credentials to external servers.
Evidence: Certificate handling is restricted to local verification and signing operations.
[EXTERNAL_DOWNLOADS] (LOW): A curl command is used to download notarization logs for debugging purposes. This is a common troubleshooting practice for developers.
Evidence: curl -sL "LOG_URL" | python3 -m json.tool in the troubleshooting section. The content is formatted but not executed.
[PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior or safety protocols were found in the file content.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests a log URL from the output of a previous command. This is documented as a surface for indirect injection, though the usage here (piping to a JSON formatter) is benign.
Ingestion points: LOG_URL placeholder in Step 5.
Boundary markers: None.
Capability inventory: curl network access, python3 execution.
Sanitization: None, though json.tool effectively prevents execution of the downloaded content.

asc-notarization