Skills
skills/yasserstudio/gpc-skills/gpc-user-management/Gen Agent Trust Hub

gpc-user-management

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Node.js detection script (scripts/detect_gpc.mjs) and instructs the agent to execute shell commands using the GPC CLI to perform user and tester management.
  • [EXTERNAL_DOWNLOADS]: The skill supports executing the GPC tool via npx, which downloads and runs the package from the npm registry if not locally available.
  • [PROMPT_INJECTION]: The skill ingests untrusted user input, such as email addresses, app package names, and the content of CSV files, which are interpolated into CLI command arguments.
  • Ingestion points: User-supplied parameters in SKILL.md and CSV file data.
  • Boundary markers: Absent.
  • Capability inventory: Administrative operations on Google Play Console accounts.
  • Sanitization: Absent; the skill relies on the underlying CLI to handle input validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:41 PM