gpc-sdk-usage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests public, user-generated Play Store content (e.g., SKILL.md shows client.reviews.list with a reply loop and states “For --locales auto… it calls client.listings.list to infer the locale set from your live Play Store listing”), and that content is used to drive decisions/actions (locale selection, replies), meeting the criteria for untrusted third‑party input.