Skills
skills/wadewarren/gws-claude-plugin/recipe-post-mortem-setup/Gen Agent Trust Hub

recipe-post-mortem-setup

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior aligns with its stated purpose of automating incident response documentation and communication.
  • [COMMAND_EXECUTION]: The skill executes the gws binary to perform Google Workspace operations. This tool is explicitly listed as a requirement in the metadata and is used for its intended purpose (Docs, Calendar, and Chat management).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates the [Incident] placeholder into tool commands.
  • Ingestion points: Untrusted user input is ingested via the [Incident] placeholder in SKILL.md and used in document titles, calendar summaries, and chat messages.
  • Boundary markers: No delimiters or safety instructions are provided to separate the user-provided incident name from the command context.
  • Capability inventory: The skill utilizes the gws binary to write to Google Docs, create calendar entries, and send chat messages (SKILL.md).
  • Sanitization: No sanitization or validation of the user input is performed before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 04:56 PM