The Agent Skills Directory

[COMMAND_EXECUTION]: The detection script scripts/detect_gpc.mjs uses execSync to run gpc and npx commands. These commands use hardcoded strings to verify installation, authentication status, and configuration. While this is dynamic execution, the inputs are static and the purpose is restricted to environment detection.
[COMMAND_EXECUTION]: The skill instructions and references/key-rotation.md provide procedures involving file system operations such as rm -rf ~/.cache/gpc/tokens/, rm -P, and shred. These are intended for clearing sensitive caches and securely deleting old service account keys as part of the primary skill purpose.
[INDIRECT_PROMPT_INJECTION]: The skill processes external data that could be influenced by an attacker, specifically the GPC audit log at ~/.config/gpc/audit.log.
Ingestion points: The audit log is read using tail or cat as described in SKILL.md.
Boundary markers: None are present in the provided instructions; data is piped directly into jq for display.
Capability inventory: The skill environment includes shell execution capabilities via detect_gpc.mjs and file manipulation commands in the procedure documentation.
Sanitization: No sanitization or escaping of the audit log content is described before it is processed by the agent.

gpc-security