google-sheets
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external spreadsheets.
- Ingestion points: Spreadsheet data is read via the
read_valuesmethod inscripts/sheets_manager.rb. - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the retrieved cell data.
- Capability inventory: The skill allows for significant modifications (writing, appending, clearing) and sheet management, and shares permissions with other high-privilege Google services.
- Sanitization: No validation or filtering is applied to the data fetched from spreadsheets before it is provided to the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill documentation lists several official Google API gems as requirements.
- Trusted Source: Dependencies such as
google-apis-sheets_v4andgoogleauthare official, well-known libraries maintained by Google. These references are considered safe and do not escalate the security verdict.
Audit Metadata