gws
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local environment by executing the binary located at
/opt/homebrew/bin/gws. This is used to perform various operations across Google Workspace services. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from untrusted external sources.
- Ingestion points: The skill reads external content from Gmail messages, Google Drive files, and Google Docs (referenced in
references/api_reference.md). - Boundary markers: No explicit delimiters are specified in the current instructions to separate untrusted data from the agent's system prompt.
- Capability inventory: The skill possesses significant capabilities, including sending emails, sharing files externally, and modifying calendar events (referenced in
SKILL.md). - Sanitization: The CLI tool supports a
--sanitizeflag using Model Armor templates. Additionally, the instructions explicitly require the agent to seek user confirmation before executing any write-based commands, providing a human-in-the-loop security checkpoint.
Audit Metadata