asc-game-center
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation explicitly instructs the agent to access a sensitive App Store Connect private key at ~/.asc/AuthKey.p8. Exposing such file paths to an AI agent poses a high risk of credential exposure and unauthorized use.
- [PROMPT_INJECTION]: The skill uses an 'affordances' pattern to dynamically execute commands extracted from JSON responses, creating a surface for indirect prompt injection.
  1. Ingestion points: JSON output from the asc CLI.
  2. Boundary markers: none.
  3. Capability inventory: execution of asc commands for resource creation and deletion.
  4. Sanitization: none.
- [COMMAND_EXECUTION]: The skill's workflow relies on executing the asc CLI tool and using jq to process data for dynamic command generation, which expands the potential impact of malicious input.
Recommendations
- AI detected serious security threats
Audit Metadata