gpd-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated Google Play reviews (e.g., via the "gpd reviews list --include-review-text" and related review commands), which are untrusted third-party content the agent would ingest and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specialized CLI for managing Google Play Developer Console and includes explicit monetization and purchase-management commands that perform financial actions. Examples in the prompt include commands to refund subscriptions (gpd purchases subscriptions refund), cancel subscriptions (gpd purchases subscriptions cancel), acknowledge/consume purchases (gpd purchases products acknowledge / consume), and create products with pricing. These are specific, platform-level payment operations that can directly affect money/refunds for users, not generic automation or generic HTTP calls. Therefore it grants direct financial execution capability.