google-analytics
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires users to manually obtain an OAuth client configuration JSON file from the official Google Cloud Console. This is a legitimate part of the authentication flow for Google Analytics APIs.
- [DATA_EXFILTRATION]: The skill transmits event data to official Google Analytics collection endpoints via the Measurement Protocol in src/ga4/mp.py. This is documented behavior for the purpose of event tracking.
- [COMMAND_EXECUTION]: The CLI implementation in src/ga4/client.py uses a @path prefix syntax to load JSON arguments from the local filesystem. While intended for loading complex query payloads, this capability allows the agent to attempt reading local files if it is tricked into targeting sensitive system paths.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests untrusted data from analytics reports (e.g., page titles, event names) in src/ga4/data.py and presents it to the agent. This ingested data lacks boundary markers or sanitization, and the skill possesses administrative capabilities (such as property or user deletion in src/ga4/properties.py and src/ga4/access_bindings.py) that could be targeted by a malicious payload embedded in the analytics stream.
Audit Metadata