gplay-metadata-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documents the usage of a
gplayCLI tool for app metadata management (e.g.,export-listings,import-images,validate listing). These commands are restricted to the domain of Google Play Store management and do not exhibit arbitrary or suspicious command execution patterns. - [DATA_EXPOSURE] (SAFE): The skill references standard file paths (e.g.,
./fastlane/metadata/android) for reading and writing app metadata. This is consistent with the primary purpose of syncing local developer assets with a remote store. No sensitive system files, personal data, or credentials are accessed. - [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and CLI usage examples. No scripts (.py, .js, .sh) or binary executables are distributed with this skill.
- [CREDENTIALS_UNSAFE] (SAFE): The skill uses environment variables like
$EDIT_IDfor session management but does not hardcode any API keys, tokens, or private credentials.
Audit Metadata