gpc-review-management

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the gpc (Google Play Console) CLI tool to perform actions such as listing, inspecting, and replying to reviews.
  • [PROMPT_INJECTION]: Contains a surface for indirect prompt injection because the skill ingests and processes untrusted user-generated content from Google Play reviews.
      • Ingestion points: Data enters the context via gpc reviews list and gpc reviews get commands (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat review content as untrusted data.
      • Capability inventory: The skill has the ability to write data back to the platform via gpc reviews reply (SKILL.md).
      • Sanitization: No automated sanitization is described; however, the skill mandates a human-in-the-loop for approval before sending replies.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 06:15 PM