gws-chat
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'gws' binary, a vendor-provided tool, to execute commands for managing Google Chat spaces, messages, and media.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from Google Chat that can be controlled by external users.
- Ingestion points: Data enters the context from the Google Chat API via resources such as 'spaces' (descriptions/names) and 'media' (content).
- Boundary markers: The skill does not implement boundary markers or instructions for the agent to disregard potential commands found within API data.
- Capability inventory: The skill allows for the creation, deletion, and modification of spaces and emojis, as well as file transfers.
- Sanitization: There is no documented sanitization or validation of the data retrieved from the Chat API before it is processed by the agent.
Audit Metadata