gws-docs
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'gws' binary to execute document management tasks. This is the expected behavior for a tool authored by 'googleworkspace' and aligns with its stated functionality.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it retrieves and processes content from external Google Documents.
- Ingestion points: Document content is ingested via the 'documents.get' method in SKILL.md.
- Boundary markers: There are no explicit delimiters defined to separate document content from the agent's system instructions.
- Capability inventory: The skill has the capability to read, create, and batch-update documents using the 'gws' command-line utility.
- Sanitization: No content sanitization or instruction-filtering is specified for the data retrieved from the API.
Audit Metadata