The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs a third-party tool via a Homebrew tap (steipete/tap/gogcli). This source is not listed as a trusted organization or repository. While the developer is known in the community, the binary's integrity cannot be automatically verified by the agent framework.
[PROMPT_INJECTION] (LOW): The skill is highly vulnerable to indirect prompt injection because it is designed to read untrusted content from multiple sources (Gmail, Google Drive, Docs, and Sheets). This content could contain malicious instructions that influence the agent's behavior.
Ingestion points: File content from gog drive get, email bodies from gog gmail thread get, and spreadsheet data from gog sheets get.
Boundary markers: No specific boundary markers or delimiters are provided to the agent to distinguish between user-supplied instructions and retrieved data.
Capability inventory: The skill possesses high-privilege capabilities including sending emails, deleting calendar events, and modifying files.
Sanitization: There is no evidence of sanitization or filtering of the retrieved data before it is processed by the agent.
[COMMAND_EXECUTION] (SAFE): The skill relies heavily on command execution to interact with the Google Workspace API. However, it implements a robust safety framework requiring explicit user confirmation for all 'write' operations (sending, deleting, updating), which significantly reduces the risk of autonomous malicious action.
[DATA_EXFILTRATION] (SAFE): The primary function of the skill is to manage sensitive user data. Since this is the stated and intended purpose, and access is gated by an OAuth flow initiated by the user, the data access itself is not considered malicious exfiltration.

clawlaunch-gog