gplay-cli-usage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- No Code (SAFE): The skill folder contains only a markdown file (SKILL.md) with instructions and examples. No scripts, binaries, or configuration files that execute code are present.
- Command Execution (SAFE): The skill provides examples for running the `gplay` command-line utility. This is the primary purpose of the skill and aligns with the user's intent to manage Google Play Console tasks.
- Indirect Prompt Injection (LOW): The skill instructs the agent to process data retrieved from the Google Play Console, which is an external and potentially untrusted source.
  - Ingestion points: Command outputs from `gplay tracks list`, `gplay apps list`, and `gplay reports` (defined in SKILL.md).
  - Boundary markers: Absent. No specific delimiters or safety instructions are provided to the agent for handling tool output.
  - Capability inventory: Subprocess execution of the `gplay` CLI, file system writes for downloading reports, and network requests via webhooks (`gplay notify`).
  - Sanitization: Absent. The skill does not advise the agent on how to sanitize or validate data returned from the CLI before processing it.
Audit Metadata