The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs the 'gog' CLI utility from a third-party Homebrew tap ('steipete/tap/gogcli') which is not on the trusted vendors list.\n- [COMMAND_EXECUTION]: The agent executes numerous shell commands using the 'gog' binary to interact with and modify Google Workspace data.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it processes external data from Google services.\n * Ingestion points: Untrusted content is read from Gmail messages, Google Docs, and Drive files ('gog gmail messages search', 'gog docs cat').\n * Boundary markers: The instructions do not define delimiters or specific safety markers to distinguish between system instructions and data from external files/emails.\n * Capability inventory: The agent has broad capabilities to send emails, delete files, and modify calendar events, creating a high-impact surface for indirect injection attacks.\n * Sanitization: No sanitization or validation of external content is performed before the agent processes the information.

gog-onboard