app-store-aso
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to install and use 'krankie', a third-party App Store ranking tracker, via `bun install -g krankie`.
  - Evidence: Found in SKILL.md under the 'Installation' section for Krankie.
  - Context: The tool is hosted at https://github.com/timbroddin/krankie. This is an unknown/untrusted source (not on the pre-approved trusted organizations list). Although relevant to the skill's primary purpose, installing unverified software carries inherent risk. Severity is downgraded from MEDIUM to LOW because the tool is central to the skill's intended primary purpose.
- PROMPT_INJECTION (LOW): The skill presents an attack surface for indirect prompt injection by processing untrusted application metadata.
  - Ingestion points: User-provided app titles, subtitles, and descriptions, as well as metadata fetched from external App Store APIs via MCP servers.
  - Boundary markers: Absent. The skill does not use delimiters or explicit instructions to the agent to ignore instructions embedded within the processed app data.
  - Capability inventory: The agent is authorized to execute a local Python script (validate_metadata.py) and the krankie CLI tool.
  - Sanitization: None. There is no evidence of input filtering or escaping for the metadata processed by the agent.
Audit Metadata