recipe-sync-contacts-to-sheet
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses established Google Workspace CLI tools to synchronize data between directory services and spreadsheets, which is consistent with its stated purpose.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it processes directory data from an external source. While this data could contain malicious instructions, the impact is limited by the skill's specific data-migration function.
- Ingestion points: The directory data is fetched using 'gws people people listDirectoryPeople' as defined in SKILL.md.
- Boundary markers: No delimiters or safety instructions are used to separate ingested contact data from the agent's instructions.
- Capability inventory: The skill uses the 'gws' CLI tool to list directory people and append rows to a Google Sheets spreadsheet.
- Sanitization: The skill does not perform validation or sanitization of the contact field values before processing.
Audit Metadata