persona-team-lead
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the gws command-line tool to interact with Google Workspace services such as Gmail, Calendar, and Chat. These commands are part of the intended functionality for the team lead persona.
- [PROMPT_INJECTION]: The skill processes data from external sources, which introduces a potential surface for indirect prompt injection. 1. Ingestion points: Content is ingested from gws-gmail and gws-chat through workflows like +email-to-task and +standup-report. 2. Boundary markers: There are no explicit boundary markers or delimiters defined in the instructions to separate untrusted content. 3. Capability inventory: The agent can execute gws commands to create chat messages and update spreadsheets. 4. Sanitization: The instructions suggest using a --sanitize flag for sensitive data, but the skill itself does not implement sanitization logic.
Audit Metadata