gog
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a command-line wrapper for Google Workspace interaction using the 'gog' tool. No malicious patterns, unauthorized exfiltration, or obfuscation were detected.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Evidence: 1. Ingestion points: gmail search, sheets get, docs cat. 2. Boundary markers: Absent in prompt instructions. 3. Capability inventory: gmail send, calendar events, sheets update/append/clear. 4. Sanitization: Absent. The risk is mitigated by the instruction to 'Confirm before sending mail or creating events'.
- [CREDENTIALS_UNSAFE]: OAuth authentication is handled securely by requiring the user to specify a local path to their own client secrets, avoiding hardcoded credentials within the skill itself.
Audit Metadata