google-workspace
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill manages authentication tokens using standard environment variable patterns and communicates only with official Google API domains. No hardcoded secrets or unauthorized exfiltration paths were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No remote code execution or dynamic code generation is present. The skill references the legitimate 'jose' library for standard JWT operations.
- Indirect Prompt Injection (SAFE): While the documentation covers processing external chat messages, it includes standard security verification steps, such as bearer token validation, and does not suggest unsafe interpolation of untrusted data into prompts.
Audit Metadata