gws-keep
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interfaces with the system by executing the 'gws' command-line utility to perform actions like creating, listing, and deleting notes.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted data from external note content. 1. Ingestion points: Data enters the agent's context through 'notes.get', 'notes.list', and 'media.download' methods which retrieve note text and attachments from Google Keep. 2. Boundary markers: No explicit boundary markers or instructions to ignore embedded content are defined in the skill documentation. 3. Capability inventory: The skill can execute various subcommands via the 'gws' binary, including note deletion and creation. 4. Sanitization: There is no evidence of sanitization or filtering of the retrieved note content before it is processed by the agent.
Audit Metadata