gpc-security
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/detect_gpc.mjs executes local GPC CLI commands to determine installation and authentication status. These are standard vendor-specific detection steps that do not involve untrusted input.
- [PROMPT_INJECTION]: The skill provides procedures for processing sensitive credentials and logs, creating a surface for indirect prompt injection (Category 8). 1. Ingestion points: User-provided prompts and log files regarding GPC security. 2. Boundary markers: None explicitly defined in the skill documentation to isolate untrusted content. 3. Capability inventory: Local command execution and file system access as described in SKILL.md and detection scripts. 4. Sanitization: No explicit data validation or sanitization logic is implemented within the skill's procedures.
Audit Metadata