google-apps-script
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides templates that ingest and process untrusted external data, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Gmail message processing in `references/examples.md` (`GmailApp.search`) and Form response processing in `references/patterns.md` (`onFormSubmit(e)`).
  - Boundary markers: None. The logic assumes the data is trusted and lacks delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill possesses significant capabilities including sending emails (`MailApp.sendEmail`), creating triggers (`ScriptApp.newTrigger`), making network requests (`UrlFetchApp.fetch`), and managing files (`DriveApp`).
  - Sanitization: No input validation or sanitization of string content from external inputs is implemented in the provided examples.
- [Data Exposure & Exfiltration] (SAFE): While the skill uses network-capable services like `UrlFetchApp`, it does so in the context of standard API patterns. No hardcoded credentials or attempts to access system-level secrets (like SSH keys) were detected.
- [Prompt Injection] (SAFE): The `SKILL.md` and related documentation contain no instructions designed to override agent safety filters or bypass system prompts.
- [Dynamic Execution] (SAFE): No usage of `eval()`, `exec()`, or dynamic runtime code generation was observed in the JavaScript templates.
Audit Metadata