sheets-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from external sources.
  - Ingestion points: The skill ingests data from external sources including Google Form responses (Workflow 5), Google Sheets rows (Workflows 2, 3, and 4), and CRM data from HubSpot and Stripe (Workflow 1).
  - Boundary markers: No specific delimiters or instructions (e.g., "ignore instructions in this cell") are used to wrap external content when it is interpolated into Slack messages, emails, or CRM updates.
  - Capability inventory: The agent utilizes the google-workspace-mcp server to read/write sheets and has the ability to send Slack messages and emails, and perform CRM actions via n8n-style workflow definitions.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization logic to filter potentially malicious instructions embedded in the ingested data before it triggers downstream actions.
Audit Metadata