google-devdocs
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Dynamic Execution] (MEDIUM): The search workflow in
SKILL.mduses a shell command that executes a python snippet:$(python3 -c "import urllib.parse; print(urllib.parse.quote('YOUR QUERY'))"). There is a risk of command injection if the agent interpolates user-provided search terms containing single quotes without proper escaping, which could allow arbitrary code execution. - [Indirect Prompt Injection] (LOW): The skill ingests documentation content from
developerknowledge.googleapis.com. This creates an indirect prompt injection surface. Evidence fromSKILL.md: Ingestion points are the API responses; boundary markers and sanitization are absent; capabilities include command execution and network access. - [Data Exposure & Exfiltration] (SAFE): The skill performs network requests to an official Google API. This is a trusted source and is considered safe as it does not access or exfiltrate sensitive local data.
Audit Metadata