gogcli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by reading external content that could contain malicious instructions.
- Ingestion points:
gog gmail search,gog drive download,gog sheets get(all ingest data from external sources into the agent context inSKILL.mdandreferences/examples.md). - Capability inventory: The skill allows the agent to execute
gog gmail send,gog drive share, andgog sheets update, as well as write files to the local system. - Boundary markers: There are no delimited boundaries or instructions provided to ignore potential commands within the ingested data.
- Sanitization: No sanitization or validation logic is present for the data being processed.
- External Downloads (MEDIUM): The skill requires the
gogCLI tool from a non-pre-approved GitHub repository (steipete/gogcli). Downloading and using binaries from untrusted sources is a supply-chain risk. - Command Execution (MEDIUM): The documentation in
references/examples.mdencourages complex shell pipelines and scripts (usingjq,tr, and subshells). If the agent interpolates unsanitized data from external sources into these commands, it could lead to arbitrary command execution on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata