google-workspace-cli
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive metadata regarding its authorship. While SKILL.md identifies the author as borghei, the Python scripts (scripts/auth_setup_guide.py, scripts/gws_doctor.py, and scripts/workspace_audit.py) attribute the code to the 'Claude Skills Engineering Team' in their headers. This impersonation of an official or authoritative entity is a deceptive practice that can misguide users about the skill's origin.
- [COMMAND_EXECUTION]: The skill uses shell commands to execute Python scripts for auditing and diagnostics. These scripts process local files containing sensitive configuration data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external JSON configuration files.
- Ingestion points: The --config argument in scripts/workspace_audit.py and scripts/gws_doctor.py reads user-provided JSON files.
- Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded within the configuration data.
- Capability inventory: The agent can execute shell commands, read local files, and interpret script output.
- Sanitization: The scripts do not sanitize the input configuration data for natural language instructions.
Audit Metadata