google-docs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses Google OAuth credentials and tokens stored in
~/.claude/.google/client_secret.jsonand~/.claude/.google/token.jsonto authenticate requests to well-known Google API endpoints. This behavior is a core requirement for the skill's functionality and is documented neutrally. \n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: Untrusted document content is read inscripts/docs_manager.rbvia thereadandstructurecommands. 2. Boundary markers: No delimiters or instructions are used to separate document content from agent instructions. 3. Capability inventory: The skill possesses extensive document modification permissions, includingdelete_content,replace_text, andinsert_textinscripts/docs_manager.rb. 4. Sanitization: No filtering or escaping is applied to the ingested document text.
Audit Metadata