gws
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@googleworkspace/cli' package from the NPM registry to provide the necessary binaries for interaction with Google Workspace APIs.
- [COMMAND_EXECUTION]: The skill executes various
gwsCLI commands to perform file operations, send emails, and modify spreadsheets. These commands are run locally and interface with Google's Discovery Service. - [DATA_EXFILTRATION]: By design, the skill facilitates the movement of data between the local machine and Google Workspace accounts (e.g., uploading files to Drive, sending Gmail messages). This behavior is explicitly defined by the skill's purpose and requires user-controlled OAuth authentication.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection when processing untrusted content from emails or files. It explicitly documents the use of a
--sanitizeflag, which utilizes Google Model Armor to detect and filter potentially malicious instructions embedded in data.
Audit Metadata