gog
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill requires the installation of a binary via a third-party Homebrew tap, `steipete/tap/gogcli`. This source is not within the defined trusted organizations, posing a supply chain risk.
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface for indirect prompt injection (Category 8).
  - Ingestion points: The agent can read untrusted data via `gog gmail search`, `gog drive search`, `gog docs cat`, and `gog sheets get`.
  - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its instructions and the data retrieved from Google Workspace.
  - Capability inventory: The skill has significant write capabilities, including `gog gmail send`, `gog sheets update`, and `gog calendar events`.
  - Sanitization: No evidence of input sanitization or output validation is present.
  - Scenario: An attacker could send a malicious email that, when read by the agent, triggers a command to exfiltrate other files or send unauthorized emails.
- Command Execution (LOW): The skill executes shell commands using the `gog` binary. While the commands are structured, passing data retrieved from external documents into these commands without explicit sanitization may lead to argument injection vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata