gpd-cli-usage
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill references GPD_SERVICE_ACCOUNT_KEY for authentication but does not include any hardcoded secrets, tokens, or access to sensitive local file paths.
- Indirect Prompt Injection (LOW): The skill provides templates for CLI commands that incorporate user-provided inputs like package names. Evidence Chain: (1) Ingestion points: The --package flag and other command arguments. (2) Boundary markers: Not mentioned in the documentation. (3) Capability inventory: Execution of gpd CLI commands. (4) Sanitization: No specific sanitization logic is provided in the documentation. This is a common pattern for CLI guidance and presents low risk in this context.
Audit Metadata