gog
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs a binary via a third-party Homebrew tap (steipete/tap/gogcli). This repository is not on the trusted list of organizations.
- PROMPT_INJECTION (LOW): Category 8
- Indirect Prompt Injection. The skill interacts with external data sources (Gmail, Docs, Sheets) that can contain untrusted instructions.
- Ingestion points: gog gmail search, gog docs cat, gog sheets get.
- Boundary markers: None specified.
- Capability inventory: Execution of gog CLI for sending emails and modifying documents/sheets.
- Sanitization: Not documented.
- COMMAND_EXECUTION (SAFE): The skill uses a CLI binary to perform its primary function. This is intended behavior for a developer tool.
Audit Metadata