The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill documentation references and executes local Python scripts (scripts/auth.py, scripts/chat.py) that are missing from the provided payload, making the actual logic unverified. \n- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. 1. Ingestion points: Message history retrieval via get-messages. 2. Boundary markers: Absent. 3. Capability inventory: Ability to send messages (send-message, send-dm) and manage spaces (setup-space). 4. Sanitization: Absent. \n- [DATA_EXFILTRATION] (LOW): Documentation in SKILL.md describes an automatic token refresh mechanism using a 'Google's cloud function'. This represents an unverified network operation handling sensitive OAuth credentials. \n- [EXTERNAL_DOWNLOADS] (LOW): The setup instructions require the installation of the keyring package from PyPI.

google-chat