The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess execution to detect and interact with the GPC CLI.
The detection script scripts/detect_gpc.mjs uses execSync to check the installation status and version of the gpc binary.
SKILL.md and related documentation provide numerous commands for the agent to execute, including gpc vitals, gpc reviews, and gpc reports.
[EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of an external Node.js package.
references/ci-gating.md instructs users to run npm install -g @gpc-cli/cli to set up the necessary environment.
[DATA_EXFILTRATION]: Documentation includes examples of transmitting monitoring data to external endpoints.
SKILL.md provides an example where JSON output from the vitals command is piped to curl for transmission to a monitoring tool.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via user-controlled data.
Ingestion points: Untrusted data enters the agent context through commands that fetch user reviews from the Play Store, such as gpc reviews list and gpc reviews get (documented in SKILL.md and references/review-management.md).
Boundary markers: No specific delimiters or instructions to ignore embedded content are present in the documentation for processing review text.
Capability inventory: The skill can execute CLI commands (gpc), write files (gpc reviews export), and documentation examples show network operations (curl).
Sanitization: There is no evidence of sanitization or filtering of the review content before it is processed by the agent.

gpc-vitals-monitoring