gog
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
gogcommand-line tool to interact with Google Workspace services. This includes reading and writing data in Gmail, Calendar, Drive, and Sheets. - [EXTERNAL_DOWNLOADS]: The skill metadata defines an installation step that uses Homebrew to download and install a binary from a third-party repository (
steipete/tap/gogcli). This external dependency is required for the skill to operate. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and has high-privilege capabilities to perform actions.
- Ingestion points: Untrusted data enters the agent's context through commands like
gog gmail search,gog gmail messages search,gog drive search, andgog docs cat. - Boundary markers: The skill does not provide any delimiters or instructions for the agent to disregard instructions that might be embedded within the retrieved emails or documents.
- Capability inventory: The skill can perform sensitive actions, such as sending emails (
gog gmail send), creating calendar events (gog calendar create), and modifying spreadsheets (gog sheets update). - Sanitization: There is no evidence of sanitization or filtering of the data retrieved from Google Workspace before it is processed by the agent.
Audit Metadata