google-sheets
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses local Python scripts to perform legitimate API operations and authentication.
- CREDENTIALS_UNSAFE (SAFE): Employs environment variables via a .env file for sensitive client IDs and secrets, avoiding hardcoded credentials.
- EXTERNAL_DOWNLOADS (SAFE): Recommends standard, official libraries from trusted sources (Google).
- PROMPT_INJECTION (LOW): There is a potential for indirect prompt injection (Category 8) via data ingested from spreadsheets. Evidence Chain: 1. Ingestion points: sheets_operations.py read; 2. Boundary markers: None; 3. Capability inventory: Network access to Google APIs, spreadsheet write/append; 4. Sanitization: None mentioned in skill definition.
Audit Metadata