The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill relies on executing shell commands through the 'gog' CLI. There is a high risk of shell injection if the AI agent interpolates untrusted user data (such as search queries, email subjects, or file names) directly into the command strings without robust escaping or sanitization.- [DATA_EXFILTRATION] (MEDIUM): The skill grants the agent capabilities to read sensitive content (Gmail, Drive files, Sheets) and send it externally via 'gmail send --attach' or 'drive share'. This 'read-then-write' capability loop is a primary vector for exfiltrating private user information.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is highly vulnerable to indirect prompt injection because it ingests untrusted data from multiple sources. * Ingestion points: Gmail messages, Google Drive files, Google Sheets, and Tasks. * Boundary markers: None provided in the skill instructions to distinguish between instructions and data. * Capability inventory: Extensive read, write, send, and delete permissions across the entire Google Workspace. * Sanitization: No sanitization or validation logic is defined to protect against malicious instructions embedded in the processed data.

gog