gws-docs-write
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'gws' command-line interface to interact with Google Docs. As the skill is authored by 'googleworkspace', this binary is considered a trusted vendor resource and is used within its intended functional scope.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection as it accepts arbitrary input via the '--text' flag.
- Ingestion points: The '--text' parameter takes content from the agent's context which may originate from untrusted external sources.
- Boundary markers: The command structure does not include delimiters or instructions for the agent to ignore potentially malicious instructions embedded within the text.
- Capability inventory: The skill can modify the contents of Google Documents using 'gws docs +write'.
- Sanitization: No evidence of input validation or escaping is present in the skill definition.
Audit Metadata