gplay-testers-orchestration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data ingestion patterns and high-privilege capabilities.
- Ingestion points: The skill reads untrusted data from
testers.csv,testers-internal.txt, andtrack-config.jsonvia commands liketailandcat. - Boundary markers: Absent. There are no delimiters or instructions to the agent to treat the content of these files as data rather than instructions.
- Capability inventory: The skill can execute
gplay testers update,gplay release, andgplay edits commit, which allow it to modify Google Play Console tracks, upload application bundles, and manage tester access. - Sanitization: Absent. The skill uses basic shell tools (
cut,paste,jq) to format data but performs no validation on the content of the email lists or JSON configurations before pushing them to the Google Play API. - [COMMAND_EXECUTION] (MEDIUM): The skill relies extensively on local shell execution and complex command chaining. It uses shell variables (e.g.,
$EDIT_ID,$CURRENT,$EMAILS) inside backticks and subshells, which can be risky if the variables are populated with unsanitized data from the external files mentioned above.
Recommendations
- AI detected serious security threats
Audit Metadata