Skills
skills/tddworks/asc-cli-skills/asc-users/Gen Agent Trust Hub

asc-users

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions specify the use of a sensitive local file path ~/.asc/AuthKey.p8 which contains an App Store Connect API private key used for authentication.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of administrative commands using the asc CLI tool, including destructive actions like removing team members and modifying user roles.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from App Store Connect which then influences high-privilege operations.
  • Ingestion points: Data is pulled from asc users list and asc user-invitations list as described in SKILL.md.
  • Boundary markers: The skill lacks explicit markers or safety instructions to separate untrusted data from agent commands, making it possible for malicious content in user profiles to influence agent logic.
  • Capability inventory: The skill possesses capabilities to remove users and modify roles via asc commands in SKILL.md and references/commands.md.
  • Sanitization: There is no evidence of sanitization or validation of the content returned by the external CLI tool before it is used in logic-gated shell operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 06:21 AM