app-store-deployment
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The GitHub Actions configuration section includes a command using `sudo` (`sudo xcodebuild -license accept`). While standard for accepting licenses in CI/CD runners, the use of elevated privileges in automated scripts is a potential security concern if the environment is compromised.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references external GitHub Actions (`actions/checkout@v4` and `r0adkll/upload-google-play@v1`). These actions represent code fetched and executed from remote repositories at runtime. The `r0adkll` organization is not on the trusted sources list, making this an unverifiable external dependency.
- [CREDENTIALS_UNSAFE] (SAFE): The skill follows best practices for credential management by using environment variables (`$APPLE_ID`) and GitHub Secrets (`${{ secrets.APPLE_ID }}`) instead of hardcoding sensitive information. It also uses placeholders (`****`) for local properties files.
Audit Metadata