recipe-sync-contacts-to-sheet
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'gws' command-line utility to perform directory lookups and spreadsheet updates.
- [PROMPT_INJECTION]: The skill processes external data from the Google Contacts directory which presents a surface for indirect prompt injection. Ingestion Point: The agent reads JSON output from the 'gws people listDirectoryPeople' command. Boundary Markers: No explicit delimiters or safety instructions are used to separate contact data from instructions. Capability Inventory: The agent has the capability to write data to spreadsheets via 'gws sheets'. Sanitization: No sanitization of contact fields is performed before data is appended to the target spreadsheet.
Audit Metadata