Skills
skills/zhucl1006/googleskills/google-docs-manager/Gen Agent Trust Hub

google-docs-manager

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to an indirect prompt injection/query injection attack in the document search functionality.
  • Ingestion points: The query parameter in the find command within scripts/docs.py is directly accepted from user input.
  • Boundary markers: Absent; the input is interpolated directly into the API query string without delimiters or warnings.
  • Capability inventory: The script possesses capabilities to list, read, modify, and delete Google Docs (docs.py).
  • Sanitization: The cmd_find function in scripts/docs.py lacks proper escaping for single quotes when constructing the search string: query = f"... name contains '{args.query}' and trashed=false". An attacker could provide a crafted query (e.g., "' or 1=1 or name contains '") to bypass intended search filters and discover documents they should not see.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 02:13 AM