gong
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
scripts/gong.shis vulnerable to shell command injection in thecallsandstatscommands. Evidence: The variable$DAYSis interpolated into a subshell:FROM=$(date ... || date -d "$DAYS days ago" ...). If an agent passes unsanitized user input here, it could execute arbitrary system commands using shell metacharacters like$(...). - [DATA_EXFILTRATION]: The skill accesses sensitive local credentials. Evidence:
SKILL.mdandscripts/gong.shread API keys from~/.config/gong/credentials.json. While necessary for functionality, this pattern allows sensitive credentials to be ingested into the agent context and potentially exfiltrated. - [COMMAND_EXECUTION]: Potential for JSON injection in API requests. Evidence: In
scripts/gong.sh, thetranscriptandcallcommands interpolate arguments directly into JSON strings used incurlrequests. This could allow a malicious user to modify the API request structure. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Ingestion points: Transcripts fetched from the Gong API are processed as raw text in
scripts/gong.sh. Boundary markers: None are used to separate transcript content from other instructions. Capability inventory: The skill can read local credential files and perform network requests. Sanitization: No sanitization is applied to the external transcript data before it is presented to the agent.
Audit Metadata