gpc-purchase-orders
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of 'gpc' CLI commands to perform its core functions, such as 'gpc purchases verify' and 'gpc orders refund'. This is consistent with the skill's stated administrative purpose.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection due to the way it processes external data.
  1. Ingestion points: The 'gpc ext-tx create' command accepts an external 'transaction.json' file as input.
  2. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested file.
  3. Capability inventory: The agent has the capability to execute 'gpc' commands that can modify transaction states or issue refunds.
  4. Sanitization: No sanitization or validation of the input file's content is specified within the skill instructions.