asc-customer-reviews

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the asc command-line utility to perform administrative tasks on the App Store, including listing reviews and managing developer responses.
  • [CREDENTIALS_UNSAFE]: The documentation references and requires access to a sensitive App Store Connect API private key file located at ~/.asc/AuthKey.p8 for authentication.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted customer review text.
      • Ingestion points: Untrusted data enters the agent context through the asc reviews list and asc reviews get commands in SKILL.md.
      • Boundary markers: There are no boundary markers or instructions to separate review content from instructions.
      • Capability inventory: The skill has the capability to execute state-changing commands like asc review-responses create and asc review-responses delete as described in SKILL.md.
      • Sanitization: The skill does not implement any visible sanitization or validation of the customer-provided text before processing or responding.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 06:21 AM