ga4-analytics
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest data from external Google APIs and present it to the agent for summarization and analysis, creating an attack surface for indirect injection.
  - Ingestion points: Data enters the system via `scripts/src/api/reports.ts` (GA4) and `scripts/src/api/searchConsole.ts` (Search Console).
  - Boundary markers: No explicit delimiters or boundary markers are used when the agent reads the stored JSON results to generate summaries.
  - Capability inventory: The skill has permissions to write files to the `results/` directory and perform authenticated network requests to Google services.
  - Sanitization: While `scripts/src/core/storage.ts` sanitizes filenames to prevent path traversal, the actual content of the reports (such as page titles or query strings) is not sanitized. Malicious instructions embedded in tracked website metadata could be interpreted as commands by the agent during the Phase 3 'Summarize' workflow.