gcontacts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the 'gog' CLI for all operations. As 'gog' is not a listed trusted source, the skill's security relies on the integrity of this external binary.
- [INDIRECT_PROMPT_INJECTION] (LOW): Ingests contact data (names, notes) which may contain malicious instructions. 1. Ingestion points: SKILL.md (via 'gog contacts search', 'gog contacts list', and 'gog contacts get' commands). 2. Boundary markers: Absent; there are no delimiters or warnings to ignore instructions within the retrieved contact data. 3. Capability inventory: Data modification and deletion via 'gog contacts delete', 'update', and 'create'. 4. Sanitization: No sanitization or validation of the retrieved contact content is specified before processing.
Audit Metadata