gws-workflow-weekly-digest
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
gwscommand-line tool to retrieve data from Google Workspace services as specified in the frontmatter requirements and usage examples. - [PROMPT_INJECTION]: The skill demonstrates a potential surface for indirect prompt injection by ingesting untrusted data from external sources. * Ingestion points: The skill fetches unread email counts and meeting agendas via the
gws workflow +weekly-digestcommand. * Boundary markers: No specific delimiters or instructions are provided within the skill to distinguish external data from the agent's core instructions. * Capability inventory: The skill utilizes thegwsbinary to read user data from cloud productivity services. * Sanitization: There is no evidence of sanitization or validation performed on the retrieved email subjects or calendar event titles before they are presented to the agent.
Audit Metadata