gog-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk vulnerability surface by combining the reading of untrusted external data with high-privilege write/configuration operations.
- Ingestion Points: Untrusted data enters via
gog gmail search/get(references/gmail.md),gog docs cat(references/docs-slides.md),gog sheets get(references/sheets.md), andgog chat messages list(references/chat.md). - Boundary Markers: None are defined in the instructions to help the agent distinguish between user instructions and data content.
- Capability Inventory: The skill provides commands for
gog gmail forwarding add,gog gmail delegates add,gog drive share, andgog gmail sendacross multiple service files. - Sanitization: No evidence of sanitization or filtering of external content before processing.
- [Data Exfiltration] (HIGH): The skill documentation includes commands specifically designed for persistent data access and exfiltration.
- Evidence:
gog gmail forwarding add --email forward@example.com(references/gmail.md) allows redirecting all incoming mail to an external address. - Evidence:
gog gmail delegates add --email delegate@example.com(references/gmail.md) allows granting full account access to a third party. - Evidence:
gog drive share <fileId> --email user@example.com --role writer(references/drive.md) can be used to expose sensitive documents. - [Command Execution] (MEDIUM): The skill relies on a local binary
gog. While the binary's source code is not provided, the skill instructs the agent to execute shell commands with broad access to the user's Google Workspace environment, including the ability to download/upload local files usinggog drive upload/download(references/drive.md).
Recommendations
- AI detected serious security threats
Audit Metadata