gws-workflow-meeting-prep
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources. \n
- Ingestion points: Event descriptions, attendee lists, and agenda details from Google Calendar retrieved via the
gwstool in SKILL.md. \n - Boundary markers: Absent; the skill does not use specific delimiters or instructions to isolate retrieved meeting content from agent instructions. \n
- Capability inventory: The skill uses the
gwscommand-line interface to read data; it does not demonstrate capabilities for file modification or unsolicited network transmission. \n - Sanitization: Absent; there is no evidence of content filtering or validation for the retrieved calendar data. \n- [COMMAND_EXECUTION]: The skill executes the
gwsbinary to fetch calendar events, which is the primary intended function of the workflow. \n- [NO_CODE]: No executable scripts are distributed with the skill; it operates by defining metadata and calling an existing CLI tool.
Audit Metadata