gsheets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Identified high-risk Indirect Prompt Injection surface (Category 8). The skill ingests untrusted data from external spreadsheets and possesses side-effect capabilities that can be abused. Evidence: 1. Ingestion points: The
readcommand inscripts/gsheets.tspulls cell data into the agent context. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill's guidance. 3. Capability inventory: Commandswrite,append,create, andadd-sheetallow for significant state modification. 4. Sanitization: No sanitization of ingested cell data is specified. - [COMMAND_EXECUTION] (LOW): The skill executes local TypeScript files using
npx tsx. While these are local scripts, they represent the execution of logic outside the model's direct control. - [DATA_EXPOSURE] (MEDIUM): The skill accesses sensitive local files including OAuth credentials at
~/.config/google-skill/credentials.jsonand tokens in.claude/google-skill.local.json. - [METADATA_POISONING] (MEDIUM): The setup instructions reference a
gmail.tsscript for a Google Sheets skill, which is misleading and suggests potential hidden cross-service functionality or poor maintenance.
Recommendations
- AI detected serious security threats
Audit Metadata