gpd-cli

Warn

Audited by Snyk on Feb 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and act on public, user-generated Google Play content (e.g., the "Reviews" section with commands like "gpd reviews list --include-review-text" and "gpd reviews reply" and the "Monitor App Health" vitals commands), meaning the agent ingests untrusted Play Store reviews/crash reports that could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is for the Google Play Developer CLI and includes explicit monetization and purchase commands that perform financial actions: creating/updating products and subscriptions with prices (e.g., --default-price, --price-micros, migrate-prices), commands to cancel or refund subscriptions (gpd purchases subscriptions cancel / refund), and other purchases operations (consume, acknowledge). Those are specific, built-in financial operations (price changes and refunding transactions) rather than generic tooling, so the skill grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 03:08 AM