asc-app-clips
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to manage App Store Connect resources by executing subcommands through the asc CLI tool.
- [DATA_EXFILTRATION]: The authentication instructions reference a sensitive file path (~/.asc/AuthKey.p8) for accessing an App Store Connect private key. Accessing such local credential paths represents a potential data exposure surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing data returned by the external asc CLI tool.
  - Ingestion points: Output from various asc list and create commands is ingested into the agent context.
  - Boundary markers: There are no explicit markers or instructions to treat tool output as potentially malicious data.
  - Capability inventory: The skill provides capabilities to list, create, and delete default experiences and localizations for App Clips.
  - Sanitization: No validation or sanitization is performed on the data retrieved from the CLI tool before it is processed by the agent.
Audit Metadata