google-analytics
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill accesses sensitive Google Cloud service account JSON keys via environment variables. Evidence: SKILL.md and .env.example reference GOOGLE_APPLICATION_CREDENTIALS.
- Indirect Prompt Injection (LOW): The skill processes data from the Google Analytics API which could contain untrusted content. 1. Ingestion points: API response data from GA4. 2. Boundary markers: Absent. 3. Capability inventory: Execution of local scripts scripts/ga_client.py and scripts/analyze.py. 4. Sanitization: Absent.
Audit Metadata