google-workspace-integrator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses sensitive authentication files at hardcoded paths:
knowledge/personal/connections/google/google-credentials.jsonandgoogle-token.json. These contain OAuth 2.0 secrets and tokens.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external content.\n - Ingestion points: The
listEmailsandfetchAgendafunctions insrc/lib.tsfetch text directly from Google APIs.\n - Boundary markers: The skill does not implement delimiters or provide warnings to the agent to treat the retrieved content as untrusted.\n
- Capability inventory: The skill possesses capabilities like sending emails and writing files, which could be abused if malicious instructions in fetched content are obeyed.\n
- Sanitization: Content from emails and calendar events is returned to the agent without any sanitization or validation.\n- [EXTERNAL_DOWNLOADS]: The
googleapisandyargspackages are imported in the source code but are absent from thepackage.jsondependencies, making the specific versions and source of these libraries unverifiable within the skill's own manifest.
Audit Metadata