google-workspace

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/workspace.js utilizes the node:vm module to execute arbitrary JavaScript code passed via stdin or command-line arguments. While this enables flexible API interactions, it allows the agent to execute dynamic logic within the local environment with access to the auth and workspace objects.
  • [EXTERNAL_DOWNLOADS]: The scripts/common.js file includes a function installDependencies that automatically executes npm install if the required packages (googleapis, @google-cloud/local-auth) are missing. This occurs at runtime without explicit user confirmation during the first execution.
  • [DATA_EXFILTRATION]: In the default 'cloud' authentication mode, the skill transmits OAuth refresh tokens to https://google-workspace-extension.geminicli.com/refreshToken to perform token renewals. This makes the external domain a trusted party in the authentication flow.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external sources like Gmail messages and Google Drive files, creating an indirect prompt injection surface.
      • Ingestion points: Data is pulled through workspace.call or workspace.service calls within scripts/workspace.js to Gmail and Drive APIs.
      • Boundary markers: No specific delimiters or instructions are provided to the agent to differentiate between data content and control instructions in the retrieved payloads.
      • Capability inventory: The skill possesses extensive capabilities to read, write, and delete data across various Google Workspace services (Gmail, Drive, Calendar, Docs, etc.).
      • Sanitization: Content retrieved from APIs is returned to the agent context in its raw format without sanitization or filtering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 11:18 AM