google-chat-api

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference official Google client libraries for Python (google-api-python-client, google-auth, google-auth-oauthlib) and Node.js (@googleapis/chat, google-auth-library). These are well-known, trusted dependencies from a verified organization.
  • [SAFE]: The authentication management in scripts/manage_auth.py demonstrates best practices by prioritizing Application Default Credentials, which avoids the need for hardcoded keys and reduces the risk of credential exposure.
  • [PROMPT_INJECTION]: The handle_events.py script provides a template for processing incoming Google Chat events (such as user messages). While this creates an ingestion point for untrusted data, the template logic only demonstrates logging and echoing, with no dangerous dynamic execution of the input.
  • [SAFE]: The test_webhook.py script implements a URL prefix validation check to ensure that test payloads are only sent to legitimate Google Chat endpoints, mitigating risks associated with SSRF or data exfiltration to arbitrary domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:00 AM