speaking
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingest and processes untrusted data from external sources.
- Ingestion points: The skill reads full email threads via
gog gmail readand retrieves data from Google Sheets usinggog sheets get. - Boundary markers: There are no delimiters or instructions provided to the agent to ignore or isolate potentially malicious instructions embedded within the emails or sheet data.
- Capability inventory: The skill has the ability to read and write local files in the
/Users/steipete/Projects/conferencesdirectory, and it can update Google Sheets viagog sheets update. - Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from Gmail or Sheets before it is used to make decisions or update files.
- [COMMAND_EXECUTION]: The skill makes extensive use of the
gogcommand-line utility to interact with Google services. It also manages files within a local project directory (/Users/steipete/Projects/conferences). These capabilities are necessary for the skill's functionality but provide a broad attack surface if the agent's logic is subverted through a prompt injection attack.
Audit Metadata