gpc-monetization
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill uses the gpc CLI tool for administrative tasks such as listing, creating, and updating monetization items. The commands are consistent with the skill's stated purpose, and it includes best practices such as requiring a confirmation flag for destructive operations.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes data from external and local sources. \n
- Ingestion points: product descriptions and metadata retrieved via gpc products get and gpc subscriptions list commands, as well as local files like product.json and offer.json referenced in SKILL.md. \n
- Boundary markers: no explicit delimiters or instructions are used to separate external content from the agent's prompt. \n
- Capability inventory: the skill allows for the creation, modification, and deletion of monetization items via the gpc CLI. \n
- Sanitization: no sanitization or validation of the retrieved or provided monetization metadata is performed.
Audit Metadata