google-docs
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through untrusted document content.\n
- Ingestion points: Document content and metadata are ingested into the agent context in
scripts/google-docs.pyvia theread_document_contentandexport_document_as_markdownfunctions.\n - Boundary markers: Absent; the skill does not implement delimiters or explicit safety instructions to isolate external content from system prompts.\n
- Capability inventory: The skill possesses extensive write and delete capabilities within
scripts/google-docs.py, including creating, appending, inserting, and deleting content, which could be abused if the agent is manipulated by document content.\n - Sanitization: Absent; there is no evidence of sanitization or validation of the text retrieved from the Google Docs API before it is presented to the agent.\n- [SAFE]: The skill relies on standard, well-known Python libraries (google-auth, googleapiclient, keyring) and communicates only with official Google API endpoints.\n- [SAFE]: Authentication is handled using standard OAuth 2.0 protocols, and sensitive tokens are stored securely in the system keyring rather than in plain-text files.
Audit Metadata