google-docs-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFENO_CODEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill documentation refers to implementation scripts 'scripts/auth.py' and 'scripts/docs.py' which are not included in the provided package files.
- [DATA_EXFILTRATION]: The skill documentation states that 'Access tokens are automatically refreshed... using Google's cloud function'. This indicates a potential data exposure risk where OAuth tokens are transmitted to a custom cloud-hosted intermediary instead of official Google endpoints.
- [PROMPT_INJECTION]: Retreiving document content via the 'get-text' command enables external data ingestion that can influence agent behavior. Ingestion points: Document content retrieved by 'scripts/docs.py'. Boundary markers: No delimiters or protective instructions are specified to isolate document content from agent instructions. Capability inventory: The skill can search, create, and modify Google Docs content. Sanitization: No content sanitization or instruction filtering is mentioned in the documentation.
Audit Metadata