gplay-review-management

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [Command Execution] (HIGH): The skill suggests establishing system persistence by scheduling tasks via the system crontab for daily execution. Evidence: The 'Scheduled Review Check' section provides a crontab entry (0 9 * * *) to execute a local script automatically.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user-generated content from Google Play reviews without sanitization or delimiters. Ingestion points: 'gplay reviews list' output in SKILL.md. Boundary markers: Absent. Capability inventory: Uses 'gplay reviews reply' and 'mail' to act on or transmit data. Sanitization: Absent.
  • [Data Exfiltration] (LOW): The skill facilitates the movement of potentially sensitive review data to external systems using the mail command. Evidence: The 'Integration with Support System' section pipes parsed review data to an external email address.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 06:44 PM