persona-content-creator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no executable code or scripts. It relies on the 'gws' binary, which is a resource provided by the author 'googleworkspace'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from Google Workspace documents and can perform outbound actions via Gmail and Chat.
- Ingestion points: The skill ingests untrusted data from Google Docs and Drive files via 'gws' commands.
- Boundary markers: There are no explicit instructions or delimiters used to separate document content from agent instructions.
- Capability inventory: The skill has the capability to send emails ('gws gmail +send') and post to Chat ('gws workflow +file-announce'), providing a potential pathway for data exfiltration if instructions in a document are followed.
- Sanitization: No sanitization or content filtering is implemented for the data retrieved from Workspace.
Audit Metadata