asc-subscriptions

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill (SKILL.md) uses the asc CLI tool to perform administrative operations on App Store subscriptions, such as creating groups and listing localizations.
  • [DATA_EXPOSURE]: The instructions describe reading the application identifier from a local project configuration file (.asc/project.json), which is standard behavior for the asc utility to determine context.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing data from configuration files and CLI outputs.
    1. Ingestion points: Untrusted data enters via .asc/project.json and asc command outputs (SKILL.md).
    2. Boundary markers: Absent.
    3. Capability inventory: Subprocess execution via asc, cat, and jq (SKILL.md).
    4. Sanitization: Relies on structural extraction via jq but lacks explicit sanitization or escaping of the extracted values before they are used in subsequent command arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 10:39 AM