googledocs-automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection as it is designed to ingest and process data from external Google Docs.
- Ingestion points: Data enters the agent context through
GOOGLEDOCS_SEARCH_DOCUMENTSandGOOGLEDOCS_GET_DOCUMENT_BY_IDas described inSKILL.md. - Boundary markers: Absent. The skill does not provide instructions to the agent to treat document content as untrusted data or use delimiters.
- Capability inventory: The agent can create, modify, search, and export Google Docs files. These capabilities are restricted to the Google Docs environment.
- Sanitization: None. There is no mention of filtering or sanitizing the content retrieved from documents before processing.
- External Reference (SAFE): The skill references a remote MCP endpoint (
https://rube.app/mcp) and documentation (composio.dev). These are used for the primary functionality of the skill and do not involve unauthorized code execution or data exfiltration.
Audit Metadata