gogcli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires installing an external binary
gogvia the third-party Homebrew tapsteipete/tap/gogcli. This source is not on the predefined trusted list. - COMMAND_EXECUTION (LOW): The skill relies on executing the
gogCLI tool to perform actions across Google Workspace services. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to reading untrusted data from external services. 1. Ingestion points: Data is retrieved via
gog gmail messages search,gog drive search, andgog sheets get. 2. Boundary markers: The instructions do not define delimiters for external content. 3. Capability inventory: The skill can send emails (gog gmail send), update spreadsheets, and modify calendar events. 4. Sanitization: No explicit sanitization of ingested content is performed before processing.
Audit Metadata