gog
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It retrieves untrusted content from external sources and provides tools to perform impactful actions based on that content.
- Ingestion points: The skill reads external data via
gog gmail search,gog drive search,gog sheets get, andgog docs cat. - Boundary markers: There are no specified boundary markers or delimiters to isolate untrusted content from agent instructions.
- Capability inventory: The skill allows for high-impact write operations including
gog gmail send(email exfiltration/spam),gog calendar create(scheduling), andgog sheets update(data manipulation). - Sanitization: No sanitization or validation mechanisms are described for the data retrieved from Google APIs before it is processed by the agent.
- External Downloads (MEDIUM): The installation process relies on a third-party Homebrew tap (
steipete/tap/gogcli). While the developer may be known in other contexts, this repository is not in the predefined list of trusted sources, meaning the binary integrity cannot be verified by this analysis. - Command Execution (LOW): The skill is designed to execute a local binary (
gog) to perform its tasks. While inherent to the skill's design, this grants the agent the ability to execute shell commands with the user's Google Workspace permissions.
Recommendations
- AI detected serious security threats
Audit Metadata