asc-review-detail
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'asc' CLI tool to interact with App Store Connect services, including workflows that pass sensitive data like demo account credentials through command-line arguments.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists in the 'CAEOAS Affordances' section, where the agent is instructed to execute command strings dynamically using 'eval' on data fetched from previous tool calls.
  - Ingestion points: Data is ingested from the 'asc versions list' command.
  - Boundary markers: No boundary markers or delimiters are present to protect against malicious instructions embedded in the tool output.
  - Capability inventory: The skill has the capability to execute shell commands via 'eval' and the 'asc' CLI.
  - Sanitization: There is no evidence of validation or sanitization of the command strings extracted from JSON fields before execution.
Audit Metadata