gws-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's behavior is consistent with its stated purpose of facilitating Google Workspace productivity workflows.
- [COMMAND_EXECUTION]: The skill executes commands using the
gwsCLI tool, which is a required binary for interacting with Google Workspace services. This usage is expected for a CLI-based integration from this vendor. - [PROMPT_INJECTION]: The skill processes data from Google Workspace services (e.g., Gmail and Calendar), creating an indirect prompt injection surface. (1) Ingestion points: Content from emails and meetings enters the context via the
gws workflowcommand flags. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the wrapper. (3) Capability inventory: The skill can read productivity data and perform actions via thegwsbinary. (4) Sanitization: Content is passed to the CLI tool parameters. This is an inherent risk of automated productivity tools but is managed by the trusted vendor's infrastructure.
Audit Metadata