google-sheets-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (
scripts/auth.pyandscripts/sheets.py) to perform all operations, including authentication and spreadsheet manipulation. - [EXTERNAL_DOWNLOADS]: The documentation mentions that tokens are automatically refreshed using a remote "Google's cloud function," which introduces a dependency on an external network resource for maintaining authentication state.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external Google Sheets and presents it to the agent context.
- Ingestion points: Data enters the agent context through
scripts/sheets.pyvia commands likeget-text,get-range, andfind(documented in SKILL.md). - Boundary markers: There are no documented boundary markers or instructions to the agent to ignore embedded commands within the spreadsheet data.
- Capability inventory: The skill includes write capabilities such as
update-range,append-rows, andbatch-update(documented in SKILL.md), which could be abused if an attacker injects instructions into a spreadsheet the agent reads. - Sanitization: No sanitization or validation of the spreadsheet content is mentioned before the data is processed or returned to the agent.
Audit Metadata