The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes uvx to download and run the workspace-mcp package from an external registry (PyPI) at runtime without specifying a version or verifying its integrity.
[REMOTE_CODE_EXECUTION]: Execution of the externally sourced workspace-mcp package via uvx constitutes remote code execution, as the package content is fetched and run in the agent's environment.
[COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using uvx to interact with Google Workspace tools.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from user-controlled documents.
Ingestion points: The skill reads document and spreadsheet content using tools like get_doc_as_markdown and read_sheet_values (as defined in SKILL.md).
Boundary markers: No delimiters or safety instructions are provided to prevent the agent from following instructions embedded within the retrieved Google Workspace content.
Capability inventory: The skill has high-impact capabilities, including modifying document content (find_and_replace_doc), altering spreadsheet data (modify_sheet_values), and changing file permissions (set_drive_file_permissions).
Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from external files before it is processed by the agent.

workspace-cli