asc-app-shots

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the asc CLI and jq utility to orchestrate App Store Connect operations, including metadata retrieval and asset generation.
  • [PROMPT_INJECTION]: The skill incorporates external app metadata (name, subtitle, description) into the image generation prompts for Gemini, creating an indirect prompt injection surface.
      • Ingestion points: Metadata is fetched from App Store Connect via asc commands as defined in SKILL.md.
      • Boundary markers: No delimiters or instructions are used to separate external text from prompt instructions in the ScreenPlan templates.
      • Capability inventory: The skill performs shell execution, file system writes, and interacts with external image generation APIs.
      • Sanitization: External text is summarized but not escaped or validated before being interpolated into prompts.
  • [EXTERNAL_DOWNLOADS]: The generated HTML output references the html-to-image library from a public CDN to provide client-side PNG export capabilities.
  • [EXTERNAL_DOWNLOADS]: The use of swift run asc as a fallback execution method may involve the resolution and download of external Swift dependencies at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:21 AM