gpd-cli
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the `gpd` command-line utility. It provides instructions for performing various administrative actions on the Google Play Store, such as `gpd publish`, `gpd monetization`, and `gpd permissions`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted data from the Google Play Console. User-submitted reviews fetched via `gpd reviews list` and crash reports from `gpd vitals` could contain malicious instructions designed to manipulate the agent's behavior.
  - Ingestion points: The agent ingests external data through the `gpd reviews list` and `gpd vitals errors reports search` commands (defined in SKILL.md).
  - Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from following commands embedded within user reviews or crash logs.
  - Capability inventory: The agent possesses significant capabilities, including the ability to delete resources (`gpd publish edit delete`), modify pricing (`gpd monetization baseplans migrate-prices`), and reply to users (`gpd reviews reply`).
  - Sanitization: There are no specified sanitization or filtering processes for the external data before it is processed by the agent.