gog
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the user to provide a path to a sensitive OAuth client secret file via the command `gog auth credentials /path/to/client_secret.json`. This exposes highly sensitive authentication material to the agent environment.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a third-party binary using a Homebrew tap (`steipete/tap/gogcli`). This introduces a dependency on an external developer's repository which is not managed by the platform.
- [COMMAND_EXECUTION]: The skill relies on executing the `gog` binary for all its operations, which can read, write, and delete data across a user's Google Workspace (Gmail, Drive, Calendar, etc.).
- [DATA_EXFILTRATION]: The tool includes capabilities to send emails (`gog gmail send`) and export documents (`gog docs export`), which can be used to move sensitive information from Google Workspace to external recipients or local temporary directories.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and has high-privilege capabilities.
  - Ingestion points: Commands like `gog gmail messages search` and `gog docs cat` bring untrusted data from emails and documents into the agent's context.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are specified when reading external content.
  - Capability inventory: The skill has the ability to send emails, create calendar events, and export files to the local system.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Google Workspace before it is processed by the agent.
Audit Metadata