Skills
skills/willsigmon/sigstack/TestFlight Expert/Gen Agent Trust Hub

TestFlight Expert

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The documentation identifies ~/.appstore/AuthKey.p8 as the storage location for sensitive App Store Connect API keys. While this is intended for user guidance, it provides the agent with the location of a high-value target for potential exfiltration.
  • Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect injection.
  • Ingestion points: The WebFetch tool allows the agent to ingest untrusted data from the web.
  • Boundary markers: Absent. There are no instructions to delimit or ignore instructions within fetched content.
  • Capability inventory: The agent has Bash, Edit, and Read capabilities across the environment, which could be exploited by malicious payloads in external data.
  • Sanitization: Absent. No filtering or validation of external content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:40 PM