gws-israeli-business-sheets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly reads and processes arbitrary Google Sheets/CSV/JSON data provided via gws (e.g., "gws sheets read --spreadsheet-id ...", Step 4 and Step 5 and scripts/vat-summary.py and scripts/backup-sheets.py), meaning untrusted/user-generated spreadsheet content from third parties will be programmatically interpreted and can change subsequent actions (summaries, appends, exports), which could enable indirect prompt-injection via malicious sheet contents.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the external gws CLI (e.g., npm install -g @googleworkspace/cli or npm install -g @google/gws — https://www.npmjs.com/package/@googleworkspace/cli, https://www.npmjs.com/package/@google/gws) and the bundled scripts call that CLI via subprocess.run(["gws", ...]), so remote package code would be fetched and executed at runtime as a required dependency.