gws-classroom
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'gws' command-line tool to interact with the Google Classroom API for managing courses, student rosters, and assignments.
- [SAFE]: There are no signs of hardcoded credentials, malicious downloads, or persistence mechanisms. The skill documentation provides clear instructions on authentication and usage.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external API data.
- Ingestion points: Untrusted data enters the agent context through methods that list or get 'courses', 'announcements', 'posts', and 'userProfiles' (SKILL.md).
- Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the documentation.
- Capability inventory: The skill includes commands to create, update, patch, and delete various Classroom resources using the 'gws' binary.
- Sanitization: There is no description of input validation or content sanitization for data retrieved from the Classroom API.
Audit Metadata