tasks
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires official Google API gems (`google-apis-tasks_v1`, `googleauth`) which are fetched from the trusted RubyGems registry.
- [DATA_EXFILTRATION]: The skill reads local credential files (`~/.claude/.google/client_secret.json` and `token.json`) and requests extensive OAuth scopes including Gmail and Drive access. This allows the script to authenticate requests to Google's well-known and trusted API infrastructure.
- [COMMAND_EXECUTION]: The skill operates by executing Ruby scripts to perform API operations on Google Tasks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: Task titles and notes fetched from the Google Tasks API in `tasks_manager.rb`. Boundary markers: None present in the script to delimit retrieved data from agent instructions. Capability inventory: CRUD operations on tasks via Ruby subprocess calls. Sanitization: No evidence of escaping or filtering content retrieved from the API before returning it to the agent.
Audit Metadata