Skills
skills/the-focus-ai/google-skill/gdocs/Gen Agent Trust Hub

gdocs

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a CLI-based architecture where the agent executes scripts via npx tsx to interact with Google APIs.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it reads and returns the full content of external Google Docs to the agent context.
  • Ingestion points: The readDocument function in scripts/gdocs.ts fetches and extracts plain text from the document body.
  • Boundary markers: There are no explicit boundary markers or instructions in SKILL.md to tell the agent to treat document content as untrusted data.
  • Capability inventory: The skill allows file system writes (fs.writeFile in exportDocument), Google Docs modification, and metadata listing.
  • Sanitization: Document content is extracted as plain text and returned without filtering or escaping of potential instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 12:28 AM