gws
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Google Workspace CLI from the npm registry and configuration files from the official Google Workspace GitHub repository.
- [COMMAND_EXECUTION]: The skill executes the 'gws' CLI and 'gcloud' commands to perform administrative and data management tasks across Google Workspace, as seen in 'SKILL.md' and 'scripts/check-gws.sh'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of retrieving data from external, untrusted sources.
- Ingestion points: Content is ingested through API methods that read email messages and files (e.g., 'gws gmail users messages get' and 'gws drive files get' in 'SKILL.md').
- Boundary markers: The documentation references a 'Model Armor' safety feature that can be used to flag or block malicious content within API responses.
- Capability inventory: The skill provides a wide range of impactful capabilities, including sending emails, modifying calendar events, and managing file permissions across the Google Workspace suite.
- Sanitization: Sanitization is available via the optional '--sanitize' flag using Google's Model Armor service, which allows the agent to filter or warn about suspicious content in the ingested data.
Audit Metadata