google-workspace-cli
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @googleworkspace/cli package from the official NPM registry and GitHub repository, which are trusted sources.
- [COMMAND_EXECUTION]: Executes administrative and user-level tasks across Google Workspace using a CLI tool. All operations are performed within the scope of user-authenticated OAuth sessions.
- [REMOTE_CODE_EXECUTION]: Includes capabilities to deploy and run Apps Script projects, which is a standard feature for Workspace automation.
- [DATA_EXFILTRATION]: Handles sensitive user data including emails, documents, and contacts. Authentication credentials are managed via environment variables or encrypted local storage.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data from external sources like email bodies and documents. However, it explicitly provides mitigations through Model Armor integration. Evidence: 1. Ingestion: Reads data from various Google Workspace APIs (SKILL.md); 2. Boundaries: No explicit boundary markers mentioned; 3. Capabilities: Full access to modify and send data across Workspace; 4. Sanitization: Supports Model Armor sanitization via the --sanitize flag.
Audit Metadata