google-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill manages sensitive OAuth credentials and tokens stored in `.env` and `01-memory/integrations/google-token.json`. The documentation correctly advises users to exclude these from version control via `.gitignore`. The provided scripts only use these credentials to communicate with official Google API endpoints.
- [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Content is ingested from Gmail messages, Google Docs, Google Sheets, and Google Drive files.
  - Boundary markers: Absent. There are no instructions provided to the agent to treat data from these sources as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill possesses significant capabilities, including sending/deleting emails, deleting Drive files, and modifying spreadsheets and documents.
  - Sanitization: Absent. The skill does not perform sanitization of the content read from external Google services before processing it.
- [Unverifiable Dependencies] (SAFE): The skill depends on well-known, trusted libraries (`google-auth`, `google-api-python-client`) from official repositories. No suspicious or unversioned remote packages are requested.
- [Persistence Mechanisms] (SAFE): No attempts to establish unauthorized persistence were detected. The use of a local token file for OAuth session management is a standard and expected behavior for this integration type.