google-contacts
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
CREDENTIALS_UNSAFE
Full Analysis
- [Data Exposure] (LOW): The script reads and writes sensitive authentication data, including OAuth 2.0 tokens and client secrets, to the ~/.contacts_credentials/ directory. While necessary for operation, these files should be protected with appropriate filesystem permissions.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the Google People API (contact names, notes, etc.). While the current implementation only prints this data to stdout, an attacker who can modify a user's contacts could theoretically place instructions in contact fields to influence the agent's behavior during subsequent processing.
- [COMMAND_EXECUTION] (SAFE): Commands are executed via standard library arguments and do not involve shell interpolation of untrusted strings.