gws
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the
@googleworkspace/clipackage globally via npm. This is an official tool published by Google for interacting with Workspace APIs. - [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by retrieving data from external sources like Gmail and Google Docs.
- Ingestion points: Data enters the agent's context through commands in
SKILL.mdthat read emails (gws gmail), documents (gws docs), and files (gws drive). - Boundary markers: The skill does not implement delimiters or safety instructions to distinguish between retrieved data and agent commands.
- Capability inventory: The skill allows the agent to perform sensitive actions such as sending emails and modifying files in Drive, as documented in the tool usage section of
SKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Google Workspace APIs before it is processed by the agent.
Audit Metadata