gws-israeli-business-sheets
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data retrieved from Google Sheets, creating a surface for indirect prompt injection. Ingestion points: Spreadsheet content is read into the agent context via 'gws sheets read'. Boundary markers: No delimiters or instructions are used to isolate retrieved spreadsheet data from the agent's instructions. Capability inventory: The skill can execute local commands via 'gws' and write files to the local system. Sanitization: No validation or escaping is performed on the data retrieved from spreadsheets.
- [COMMAND_EXECUTION]: The skill uses the 'scripts/backup-sheets.py' script to run 'gws' commands via 'subprocess.run'. The command construction uses argument lists, which is a safe practice that mitigates shell injection.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the Google Workspace CLI ('@googleworkspace/cli') from NPM, a well-known service from a trusted provider.
- [DATA_EXFILTRATION]: Financial data is exported from Google Sheets to local CSV files. This operation is restricted to the local file system and is consistent with the skill's stated purpose of creating backups for accounting.
Audit Metadata