asc-signing-setup

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters, override agent behavior, or extract system prompts were detected.
  • [Data Exposure & Exfiltration] (SAFE): The skill references authentication via 'asc auth login' or environment variables (ASC_*), which are standard for this CLI. No hardcoded credentials or network requests to untrusted domains were found.
  • [Indirect Prompt Injection] (LOW): The skill processes output from the 'asc' CLI, such as lists of bundle IDs or certificates. Maliciously named resources in an App Store Connect account could theoretically influence agent behavior, though the impact is limited by the tool's scope.
    • Ingestion points: Output from 'asc bundle-ids list', 'asc certificates list', and 'asc profiles list' in SKILL.md.
    • Boundary markers: Absent.
    • Capability inventory: Execution of 'asc' CLI commands for resource creation and deletion.
    • Sanitization: Absent.
  • [Unverifiable Dependencies] (SAFE): The skill assumes the 'asc' CLI is pre-installed and does not attempt to download or install external packages during runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 07:32 PM