Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it retrieves and processes untrusted content from Google Workspace (Gmail, Drive, Docs) while possessing the capability to perform sensitive actions (sending emails, deleting files).\n
- Ingestion points: Data is ingested via commands like
gog gmail get,gog docs cat, andgog sheets getwhich read content from external, potentially attacker-controlled sources.\n - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its own system instructions and the content retrieved from Google Workspace.\n
- Capability inventory: The agent is granted extensive capabilities, including
gog gmail send,gog drive delete, andgog calendar create, which could be abused if an indirect injection is successful.\n - Sanitization: The skill does not implement or suggest any sanitization or validation of the retrieved data before the agent processes it.
Audit Metadata