ga4-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Google Analytics and Search Console APIs, which could contain untrusted content such as page titles or search queries. \n
- Ingestion points: Data is retrieved via Google API calls as described in SKILL.md.\n
- Boundary markers: None identified in the provided instructions.\n
- Capability inventory: The skill can write files to the local results/ directory and perform network requests to Google APIs.\n
- Sanitization: No specific sanitization or validation of the API-returned content is mentioned. \n- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Instructs the user to install dependencies using npm install for the local project. This is a standard procedure for Node.js-based tools. \n- [DYNAMIC_EXECUTION]: Uses npx tsx to execute local TypeScript script files to perform API operations. \n- [DATA_EXPOSURE_AND_EXFILTRATION]: Manages Google Cloud credentials via a local .env file, which is a standard configuration pattern for this type of integration.
Audit Metadata