Skills
skills/chachamaru127/claude-code-harness/gogcli-ops/Gen Agent Trust Hub

gogcli-ops

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to run the gog CLI utility for interacting with Google Drive, Sheets, Docs, and Slides.\n- [COMMAND_EXECUTION]: Runs a local Python script scripts/gog_parse_url.py to extract file IDs from provided URLs or text.\n- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the processing of untrusted data from external Google Workspace documents.\n
  • Ingestion points: Reads file content using gog docs cat and spreadsheet data via gog sheets get (as referenced in SKILL.md).\n
  • Boundary markers: Does not define delimiters or specific instructions to ignore embedded commands within the retrieved data.\n
  • Capability inventory: The agent is equipped with the Bash tool (defined in SKILL.md), providing a high-impact execution environment for any instructions found in the data.\n
  • Sanitization: The skill does not implement sanitization or validation logic for the content fetched from the Google API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 11:32 AM