google-sheets
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive Google OAuth 2.0 credentials, including client IDs, client secrets, and access/refresh tokens.
- It stores client credentials in a YAML configuration file at
~/.config/agent-skills/google.yamlor~/.config/agent-skills/google-sheets.yaml. - It stores OAuth tokens in the system keyring using the
keyringlibrary to ensure they are persisted across sessions. - While this follows standard practices for local CLI tools, these credentials are accessible to the agent within its environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external spreadsheet data.
- Ingestion points: Data is retrieved from Google Sheets via the
values readcommand inscripts/google-sheets.py. - Boundary markers: The skill does not implement specific delimiters or instructions to the agent to ignore or treat spreadsheet content as untrusted data.
- Capability inventory: The script has the capability to perform network operations (Google Sheets API calls) and the agent environment typically allows execution of shell commands.
- Sanitization: There is no validation or sanitization of spreadsheet cell content before it is processed by the agent.
Audit Metadata