The Agent Skills Directory

[PROMPT_INJECTION] (MEDIUM): Misleading metadata/instructions. The skill recommends installing 'google-play-scraper' as a 'Google Play Console CLI'. This is factually incorrect as the package is for web scraping and not deployment, which could mislead the agent into using inappropriate libraries or exposing data to the wrong tools.
[EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable dependency installation. The skill instructs the agent to install 'google-play-scraper' from PyPI (not a trusted organization) and uses 'brew' to install 'bundletool' from external sources.
[COMMAND_EXECUTION] (MEDIUM): Risk of arbitrary code execution through the Gradle wrapper. The skill utilizes './gradlew' to build projects. While necessary for its primary purpose, this involves executing scripts from the user's repository without adequate sandboxing or verification.
[PROMPT_INJECTION] (LOW): Indirect prompt injection surface. 1. Ingestion points: The skill reads and executes configuration from user-provided files like build.gradle.kts. 2. Boundary markers: Absent. No delimiters protect the agent from embedded instructions in the project code. 3. Capability inventory: Subprocess execution of build tools (gradlew, bundletool) and shell scripts. 4. Sanitization: Absent. No validation of project-side script content is performed before execution.
[EXTERNAL_DOWNLOADS] (LOW): Automated scan alert for 'proguard-rules.pro'. A scanner flagged this as a malicious URL. This is analyzed as a likely false positive where the '.pro' file extension was misinterpreted as a Top-Level Domain, but it warrants awareness during deployment.
[CREDENTIALS_UNSAFE] (LOW): Potential credential exposure. Command templates use placeholders for keystore passwords and reference sensitive service account files, which could be logged by the system in plaintext.

build-release