google-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the '@membranehq/cli' package from npm. This is a vendor-owned package provided by the author to support the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to perform operations such as logging in and executing Workspace actions. These commands are essential for the integration.
- [PROMPT_INJECTION]: The skill processes untrusted data from Google Workspace (like emails and documents), which creates an attack surface for indirect prompt injection. 1. Ingestion points: Gmail messages, Google Drive files, and document content. 2. Boundary markers: No specific delimitation or 'ignore' instructions are provided in the skill documentation. 3. Capability inventory: The skill can perform administrative actions such as creating or deleting users and groups, and proxying requests to the Google Workspace API. 4. Sanitization: No explicit sanitization or validation of the ingested external content is mentioned.
Audit Metadata