gog
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by executing the
gogbinary to interact with Google APIs. This provides the agent with the ability to perform actions such as sending emails, updating spreadsheets, and exporting documents. - [EXTERNAL_DOWNLOADS]: The skill requires the manual installation of the
gogCLI via a third-party Homebrew tap (steipete/tap/gogcli). While the source is a known developer, it remains an external dependency outside of the agent's immediate control. - [DATA_EXFILTRATION]: The skill enables the agent to access highly sensitive personal and corporate data including Gmail messages, Drive files, and Contacts. This functionality creates a potential pathway for data exposure if the agent's logic is subverted.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it retrieves and processes content from untrusted external sources.
- Ingestion points: Found in
SKILL.md(via commands likegog gmail search,gog docs cat,gog drive search, andgog sheets get). - Boundary markers: No boundary markers or 'ignore instructions' warnings are implemented in the command definitions.
- Capability inventory: The agent can perform high-impact actions like
gog gmail sendandgog sheets updateafter reading untrusted data. - Sanitization: No sanitization or filtering of the retrieved Google Workspace content is specified before the data is processed by the agent.
- [NO_CODE]: The skill itself does not contain executable script files (e.g., Python or Bash) but relies entirely on external binary calls and instructions.
Audit Metadata