Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the agent to access and process a local Google Workspace authentication file at `/path/to/credentials.json` using the `gog auth credentials` command.
- [EXTERNAL_DOWNLOADS]: The setup instructions include downloading and installing the `gogcli` tool from a non-standard Homebrew tap (`steipete/tap/gogcli`) which is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill relies on executing system commands via the `brew` package manager and the `gog` CLI to perform operations across Google services.
- [DATA_EXFILTRATION]: The skill facilitates the reading and transmission of sensitive data from Gmail, Google Drive, Sheets, and Docs. Specifically, the `gog gmail send` and `gog drive download` commands provide mechanisms to move data from the user's workspace to external recipients or local file paths.
- [PERSISTENCE_MECHANISMS]: The skill documentation explicitly mentions using `cron` to poll emails every minute, which establishes a persistent execution path on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external sources (emails, files, and spreadsheets).
  - Ingestion points: Gmail message content, Drive file contents, and Sheets cell data are processed by the agent.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when processing the retrieved content.
  - Capability inventory: The skill has broad capabilities including sending emails, creating calendar events, uploading files to Drive, and modifying spreadsheet data.
  - Sanitization: There is no evidence of sanitization or filtering applied to data retrieved from Google services before it is passed to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata