gws-docs
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the 'gws' CLI, a utility for interacting with Google Workspace services, to perform its operations. This is an official tool dependency.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from external Google Docs. 1. Ingestion points: Document content is retrieved using the 'documents.get' method as described in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the prompt templates or instructions. 3. Capability inventory: The skill can create or modify documents using the 'create' and 'batchUpdate' methods. 4. Sanitization: No evidence of input validation or content filtering is present in the skill instructions.
Audit Metadata