gpd-cli
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates interaction with the Google Play Store by executing the `gpd` command-line utility for administrative tasks like publishing and rollout management.
- [PROMPT_INJECTION]: The skill retrieves untrusted data from the Play Store via the `gpd reviews list` command, which creates an indirect prompt injection surface.
  1. Ingestion points: User-submitted reviews retrieved through the `gpd reviews list` command.
  2. Boundary markers: None specified in the skill body.
  3. Capability inventory: Extensive administrative control over the Google Play Console through the `gpd` tool, including release and monetization management.
  4. Sanitization: No sanitization or validation of the fetched review text is mentioned.
- [NO_CODE]: The skill does not bundle any scripts, binaries, or executable code, relying instead on the pre-installation of the external `gpd` CLI tool.