gws-chat

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the gws binary to execute commands for managing Google Workspace Chat resources.
  • [DATA_EXFILTRATION]: The skill provides the ability to download media files and retrieve message content from Google Chat, which enables data transfer from the Google Workspace environment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when the agent processes data retrieved from chat spaces.
    • Ingestion points: The skill reads space details, message content, and member lists through the spaces and media resources defined in SKILL.md.
    • Boundary markers: The skill documentation lacks specific delimiters or instructions to treat chat data as untrusted content.
    • Capability inventory: The skill possesses capabilities to modify chat environments, such as spaces.create, spaces.delete, and media.download, which could be triggered by malicious data.
    • Sanitization: No input validation or sanitization logic is specified for data retrieved from external Google Chat API endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 04:56 PM