google-workspace

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @googleworkspace/cli package from the official NPM registry as a global dependency. This utility is a well-known tool for managing Google Workspace environments via the command line.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of various gws commands to interact with Google Drive, Gmail, Calendar, and other services. It correctly guides the user to use --dry-run flags for testing and provides clear instructions for pipeline processing using jq.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it allows an AI agent to read content from external sources (Gmail messages, Drive files) and provides tools to execute actions based on that content.
      • Ingestion points: Untrusted data enters the agent's context through methods like gws gmail users-messages get, gws drive files get, and gws sheets spreadsheets-values get as documented in SKILL.md.
      • Boundary markers: The provided instructions do not include specific delimiters or 'ignore' instructions to prevent the agent from mistaking data content for instructions.
      • Capability inventory: The skill enables high-privilege operations including sending emails (gmail users-messages send), deleting files (drive files delete), and modifying permissions, which could be exploited if an injection occurs.
      • Sanitization: There is no mention of sanitizing or escaping the retrieved data before it is processed by the agent or passed to subsequent commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 12:34 AM