google-workspace

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves untrusted data from external sources.
      • Ingestion points: scripts/gmail.py (reading email content), scripts/google_docs.py (reading document text), scripts/google_sheets.py (reading spreadsheet data), and scripts/google_notebooklm.py (importing content from URLs).
      • Boundary markers: There are no explicit markers used to separate untrusted data from the agent's command instructions.
      • Capability inventory: The skill has broad permissions, including sending emails, deleting files, and managing calendar events.
      • Sanitization: Content retrieved from Google APIs is passed to the agent context without sanitization or validation.
  • [COMMAND_EXECUTION]: Local system commands are utilized for notifications and system configuration.
      • Evidence: scripts/maintain_token.py uses subprocess.run to call notify-send and osascript for status alerts. scripts/install_services.sh manages user-level systemd timers.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to transfer data from Google services to the local system.
      • Evidence: scripts/google_drive.py and scripts/google_photos.py provide commands for downloading files and media items. scripts/google_notebooklm.py allows adding sources via remote URLs.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 06:56 PM