gog-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill enables execution of a powerful CLI tool that can modify or delete data across Google Workspace services (Gmail, Drive, Calendar, etc.) based on agent instructions.\n- [DATA_EXFILTRATION] (MEDIUM): Provides deep access to sensitive user communications and files. Features like the tracking worker (gog gmail track setup --worker-url) allow for programmatic data transmission to external endpoints.\n- [CREDENTIALS_UNSAFE] (MEDIUM): Skill instructions facilitate the manual storage and management of OAuth client secrets and service account keys within the agent's operating context.\n- [PROMPT_INJECTION] (LOW): High risk of indirect prompt injection due to the lack of sanitization and boundary markers for ingested data.\n
- Ingestion points: Gmail messages (references/gmail.md), Chat messages (references/other-services.md), and Drive file contents (references/drive-docs.md).\n
- Boundary markers: None specified in instructions.\n
- Capability inventory: Write/Delete operations across Gmail, Drive, Sheets, and Chat (all reference files).\n
- Sanitization: No instructions for escaping or validating external content before processing.\n- [EXTERNAL_DOWNLOADS] (LOW): Requires installation of the gogcli tool from a non-trusted third-party Homebrew tap (steipete/tap) as specified in SKILL.md.
Audit Metadata