gpd-metadata-sync
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process local metadata files (e.g., titles, descriptions, and assets) from the `fastlane/metadata/android` directory. While this is the intended functionality, it creates an attack surface where malicious content inside those files could influence agent behavior during a sync or validation workflow.
  - Ingestion points: Metadata files within `fastlane/metadata/android` read by `gpd migrate` commands.
  - Boundary markers: No specific delimiters or safety warnings for the agent regarding the content of these files are present in the instructions.
  - Capability inventory: The skill uses the `gpd` CLI to perform network operations (publishing to Google Play) and file system operations (reading/writing metadata and assets).
  - Sanitization: The instructions do not mention sanitizing the input data, though they suggest using `gpd migrate fastlane validate` to catch schema errors.
- [Command Execution] (SAFE): All commands use the `gpd` utility with standard arguments. There are no signs of command injection or attempts to execute arbitrary system shells.
- [Data Exposure] (SAFE): No hardcoded API keys, tokens, or sensitive file paths (like SSH keys) are present. It uses generic placeholders like `com.example.app`.
- [Prompt Injection] (SAFE): No override instructions, bypass markers, or instructions to ignore system safety protocols were detected.