gws-events-subscribe
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gwsCLI, a vendor-specific tool for interacting with Google Workspace services. This is a standard administrative and productivity function. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes external event data from Google Workspace. Ingestion points: CloudEvents retrieved from Workspace resources via
gws events +subscribein SKILL.md. Boundary markers: The skill does not define specific delimiters to separate untrusted event data from agent instructions. Capability inventory: The agent can execute thegwsbinary and write JSON files to a local directory using the--output-dirflag. Sanitization: There is no evidence of content sanitization or validation for incoming event payloads.
Audit Metadata