asc-cli
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the
ascCLI tool via Homebrew from the author's tap (tddworks/tap/asccli). This involves downloading and installing external executable code onto the system. - [DATA_EXFILTRATION]: The skill provides examples for authenticating the CLI tool using sensitive API credentials and private key files (e.g.,
~/.asc/AuthKey_XXXXXX.p8). While these are necessary for the tool's operation, they represent access to highly sensitive security assets. - [COMMAND_EXECUTION]: The skill's primary functionality is achieved by executing the
asccommand-line utility with various arguments to manage App Store resources. - [PROMPT_INJECTION]: The skill instructions define an 'affordances' mechanism where the agent is encouraged to execute commands provided directly in the tool's JSON output. This creates a surface for Indirect Prompt Injection, as data retrieved from external App Store Connect APIs could theoretically contain malicious command strings that the agent would then execute.
- Ingestion points: JSON responses from
ascCLI commands (e.g.,asc apps list) containing anaffordancesfield. - Boundary markers: Absent; the agent is explicitly told to 'Always use these instead of constructing commands manually'.
- Capability inventory: The
asctool can perform a wide range of actions including listing/creating versions, uploading builds, and managing TestFlight users. - Sanitization: There is no evidence of sanitization or verification performed on the commands retrieved from the tool's output before they are executed.
Audit Metadata