Skills
skills/stephengpope/thepopebot/google-docs/Gen Agent Trust Hub

google-docs

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script create.sh interacts with well-known Google services at googleapis.com to exchange credentials for access tokens and perform document operations.\n- [COMMAND_EXECUTION]: The skill executes local system commands including openssl for generating RS256 signatures and jq for handling JSON data structure construction in the create.sh script.\n- [PROMPT_INJECTION]: Indirect prompt injection surface detected:\n
  • Ingestion points: The CONTENT argument in create.sh accepts arbitrary text from the agent context to be written to a document.\n
  • Boundary markers: No specific delimiters or instructions are used to separate user-provided data from the document structure or to warn the agent about embedded content.\n
  • Capability inventory: The skill possesses the capability to create and modify Google Documents via authenticated API calls using curl.\n
  • Sanitization: While jq --arg is used to prevent shell or JSON structure injection, the text content itself is not sanitized for potential instructions that could influence an agent reading the document later.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 07:41 AM