asc-appstore-release

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the asc CLI binary directly from the author's official GitHub repository (github.com/tddworks/asc-cli). This is a vendor-owned resource used for the skill's primary function.
  • [COMMAND_EXECUTION]:
      • The setup-mas-certs.sh script executes openssl for cryptographic operations and security commands to interact with the macOS keychain for certificate management.
      • GitHub Action workflow templates include shell scripts that execute the asc CLI to perform App Store Connect operations.
  • [PROMPT_INJECTION]: The GitHub Action templates in references/workflow-template.md contain an indirect prompt injection surface.
      • Ingestion points: Workflow inputs such as version, build_number, and whats_new are interpolated into shell commands.
      • Boundary markers: Absent; inputs are placed directly into command-line arguments.
      • Capability inventory: The templates have the capability to execute shell commands and perform network requests via the asc CLI.
      • Sanitization: None detected; the templates rely on direct interpolation which could allow for command injection if inputs are maliciously crafted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:21 AM