gog
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'gog' CLI tool from a third-party Homebrew repository ('steipete/tap/gogcli') which is outside the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill relies on shell command execution to interface with Google Workspace APIs via the 'gog' binary.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external Google Workspace services.
  - Ingestion points: Data is ingested through 'gog gmail search', 'gog drive search', 'gog docs cat', and 'gog sheets get' commands.
  - Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore instructions embedded within the retrieved data.
  - Capability inventory: The agent can take significant actions, including sending emails, creating calendar events, and modifying spreadsheets.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it is processed by the agent.
Audit Metadata