gpd-id-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns detected. The skill consists of documentation and usage examples for the Google Play Developer (gpd) command-line interface.
- [COMMAND_EXECUTION]: The skill uses the 'gpd' CLI tool to interact with Google Play services (SKILL.md). This behavior is aligned with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection via tool output poisoning. Findings: 1. Ingestion points: Data enters the context via output from 'gpd' command executions (SKILL.md). 2. Boundary markers: Absent; there are no instructions to the agent to treat external data as untrusted. 3. Capability inventory: The skill enables execution of CLI commands for package, track, and permission management. 4. Sanitization: No sanitization or validation of the command output is performed before it is processed.
Audit Metadata