gpc-metadata-sync
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill demonstrates the use of the gpc CLI tool for syncing and updating Google Play metadata. These operations are restricted to the tool's intended functionality and do not involve unauthorized privilege escalation or dangerous parameters.
- [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it reads and syncs content from local directories into the Google Play Store.
- Ingestion points: Local files in the ./metadata and ./screenshots directories are read via gpc listings sync and gpc images sync.
- Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the content within the synced files.
- Capability inventory: The agent can execute gpc commands to update remote store listings and upload images.
- Sanitization: No specific sanitization or validation of the input file content is implemented within the skill itself, relying on the underlying tool's constraints.
Audit Metadata