google-chat-api

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      • Ingestion points: User input is received via the request.json() method in templates/interactive-bot.ts and templates/webhook-handler.ts.
      • Boundary markers: There are no explicit markers or safety instructions to separate untrusted user input from system instructions.
      • Capability inventory: The skill enables administrative functions such as space deletion, member removal, and message creation via the Google Chat API using the fetch method.
      • Sanitization: User input is directly interpolated into bot responses and card widgets without sanitization or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and package configuration include google-chat-cards (v1.0.3), which is an unofficial third-party package from the NPM registry.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:49 AM