gog-cli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs users to install an external binary via a third-party Homebrew tap ('brew install steipete/tap/gogcli'). This involves downloading and executing code from a source outside the trusted list, posing a significant remote code execution risk if the source is compromised.
- Data Exposure & Exfiltration (MEDIUM): The 'gog gmail track setup' command allows configuring a remote worker URL (e.g., workers.dev) to track email opens. This mechanism could be exploited to exfiltrate interaction data from the user's Gmail account to an external, attacker-controlled server.
- Command Execution (MEDIUM): The skill provides an extensive interface for highly sensitive operations, including sending emails, deleting Drive files, and modifying sharing permissions. If misused via prompt injection, these capabilities could lead to unauthorized data access or loss.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from Gmail bodies and Drive files without boundary markers or sanitization, while possessing high-impact capabilities like sending emails and deleting files.
  - Ingestion points: Gmail message bodies (references/gmail.md) and Drive file names/content (references/drive-docs.md).
  - Boundary markers: Absent in all command examples.
  - Capability inventory: 'gog gmail send', 'gog drive delete', 'gog drive share', 'gog classroom coursework grade'.
  - Sanitization: No sanitization or escaping of external content is mentioned.
Recommendations
- AI detected serious security threats