gog
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the gog binary from a third-party Homebrew tap (steipete/tap/gogcli), which is a source not managed by the skill author or a major software vendor.
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands using the gog CLI to manage user data across multiple Google Workspace services.
- [DATA_EXFILTRATION]: The skill provides tools that allow the agent to read sensitive data (e.g., Gmail, Drive, Contacts) and send it externally (e.g., via gog gmail send). This capability can be abused to exfiltrate information if the agent's behavior is influenced by malicious instructions.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as emails and documents, which may contain indirect prompt injection attacks.
  * Ingestion points: Gmail search results, Drive file content, Sheets data, and Docs content are read into the agent's context.
  * Boundary markers: There are no specified delimiters or instructions to ignore potential commands embedded in the fetched data.
  * Capability inventory: The skill possesses powerful write capabilities, including sending emails and modifying spreadsheets, which could be triggered by instructions found in retrieved content.
  * Sanitization: No mechanisms for sanitizing or validating external content before processing are described.
Audit Metadata