google-sheets-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill identifies itself as handling "email processing" and "spreadsheet operations," which are primary vectors for untrusted data ingestion. It simultaneously requests "Bash" access and file "Write"/"Edit" permissions.
  - Ingestion points: "SKILL.md" mentions processing emails and spreadsheet data.
  - Boundary markers: None specified in the documentation.
  - Capability inventory: The skill requests the "Bash" tool, providing a path to system-level execution.
  - Sanitization: No evidence of input sanitization or instruction filtering is present in the provided metadata.
- Command Execution (HIGH): The skill requests explicit permission for the "Bash" tool, which can be leveraged if an attacker successfully injects instructions via the data processing pipelines mentioned.
- No Code (LOW): No executable scripts or configuration files were provided for analysis beyond the "SKILL.md" definition. This makes it impossible to verify the actual implementation or safety of the requested capabilities.
Recommendations
- AI detected serious security threats