auditing-appstore-readiness
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local JavaScript file
scripts/audit.mjsusingnode. Because the content of this script was not provided in the analyzed files, its behavior remains unverifiable. Under the 'assume-malicious' posture, an opaque script executed with the agent's privileges poses a risk of performing unauthorized file system or network operations. - [EXTERNAL_DOWNLOADS] (LOW): The instructions suggest the use of
npm install,pod install, andnpx expo doctor. These commands download and execute code from remote registries (npm, CocoaPods). While standard for mobile development, they represent an external code execution vector. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads and processes content from untrusted external repositories.
- Ingestion points: The skill reads
package.json,Info.plist,app.json, and other repository configuration files. - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore malicious instructions embedded within the audited files.
- Capability inventory: The agent has access to the
exectool, enabling it to run shell commands, build tools (xcodebuild), and package managers. - Sanitization: There is no evidence of sanitization or validation of the data read from the repository files before it is used to generate the final audit report or influence agent logic.
Audit Metadata