Skills
skills/yasserstudio/gpc-skills/gpc-release-flow/Gen Agent Trust Hub

gpc-release-flow

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the gpc CLI tool and includes a detection script (scripts/detect_gpc.mjs) that executes shell commands via execSync to verify installation and authentication status.
  • [EXTERNAL_DOWNLOADS]: The detection script may trigger a download of the gpc package from the public NPM registry via npx if the tool is not found locally.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes user-controlled inputs like release notes and file paths for use in CLI commands. Evidence chain: (1) Ingestion points: Release notes and file paths in SKILL.md and release-notes.md; (2) Boundary markers: Absent; (3) Capability inventory: Execution of gpc commands with network and file system access; (4) Sanitization: No explicit sanitization of user-provided strings is documented. This is a standard functional surface for CLI-based integrations.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 01:58 PM