gog-advanced
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill installs 'gogcli' from 'steipete/tap/gogcli' via Homebrew. This is a third-party source not included in the pre-approved trusted list, posing a supply chain risk through potential binary modification.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its combination of data ingestion and high-privilege write capabilities.
- Ingestion points: The skill reads untrusted external data from Gmail ('gog gmail search'), Google Drive ('gog drive search'), and Calendar ('gog calendar events').
- Boundary markers: Absent. The instructions do not define delimiters or structural isolation to prevent the agent from following instructions embedded within the retrieved data.
- Capability inventory: The skill possesses extensive write capabilities, including sending emails ('gog gmail send'), updating spreadsheets ('gog sheets update'), and creating calendar events ('gog calendar create').
- Sanitization: Absent. There is no evidence of sanitization or filtering logic applied to external data before it is processed by the agent.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on 'gog' CLI commands where arguments (like search queries or message bodies) are derived from external content, which could lead to command argument injection if not handled by the underlying binary.
Recommendations
- AI detected serious security threats
Audit Metadata