google-docs
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The documentation states that OAuth tokens are refreshed via a cloud function. Since the source code for auth.py is missing, the destination and ownership of this function cannot be verified, which poses a risk of credential interception.\n- [Indirect Prompt Injection] (LOW): The skill reads untrusted data from external documents which could contain malicious instructions directed at the agent.\n
- Ingestion points: scripts/docs.py get-text (extracts text from user-controlled Google Docs).\n
- Boundary markers: Absent; no documented delimiters or instructions to ignore embedded instructions.\n
- Capability inventory: scripts/docs.py can create and modify documents (append, insert, replace text).\n
- Sanitization: Absent; no evidence of input validation or content filtering.\n- [Unverifiable Implementation] (MEDIUM): The core implementation scripts (auth.py and docs.py) are referenced in the documentation but not provided in the package, preventing a full security audit of command execution or network calls.
Audit Metadata