gog
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the gog binary from a third-party Homebrew tap (steipete/tap/gogcli). While Homebrew is a well-known service, the repository belongs to an individual developer and is used for the skill's primary function.
- [COMMAND_EXECUTION]: Executes the gog CLI to perform actions like sending emails, managing calendar events, and modifying Google Sheets through subprocess calls.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, which presents a risk of indirect prompt injection. 1. Ingestion points: Gmail message search (gog gmail messages search) and Google Doc content retrieval (gog docs cat). 2. Boundary markers: No delimiters or ignore instructions are provided to separate external content from agent instructions. 3. Capability inventory: The tool allows sending emails, creating calendar events, and updating spreadsheets. 4. Sanitization: No sanitization or validation of external content is specified before processing.
Audit Metadata