spreadsheets
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: All network operations are performed against official Google API endpoints (sheets.googleapis.com and www.googleapis.com), which are recognized as well-known and trusted services.- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized command execution patterns were found in the skill metadata or configuration.- [PROMPT_INJECTION]: The skill presents a standard indirect prompt injection surface by reading data from external spreadsheets.
- Ingestion points: The 'read-range' and 'get' actions in 'skill-router.json' allow the agent to fetch content from Google Sheets.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands defined in the response mapping.
- Capability inventory: The skill can read, update, and append spreadsheet data, and manage file permissions via the Drive API.
- Sanitization: Data is provided to the agent context without sanitization, which is typical for this type of data-processing integration.
Audit Metadata