google-apps-script
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior or bypass filters.
- [Data Exposure & Exfiltration] (SAFE): Templates use standard Google services for intended automation; no hardcoded secrets or sensitive path access.
- [External Downloads] (SAFE): Documentation of UrlFetchApp.fetch() is appropriate for the skill's purpose and uses trusted Google domains or generic placeholders.
- [Indirect Prompt Injection] (SAFE): Surface detected: (1) Ingestion: User requirements; (2) Boundaries: Comment delimiters present; (3) Capabilities: MailApp, UrlFetchApp, SpreadsheetApp; (4) Sanitization: Not explicitly required in instructions. The risk is consistent with standard code generation skills.
Audit Metadata