blink-google-docs
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external Google Docs.
- Ingestion points: Document content is retrieved in
SKILL.mdusing theGET /documents/DOCUMENT_IDcommand. - Boundary markers: No boundary markers (such as delimiters or instructions to ignore embedded commands) are defined to separate document content from agent instructions.
- Capability inventory: The skill has the capability to modify documents via
POST /documents/DOCUMENT_ID:batchUpdateas described inSKILL.md. - Sanitization: No sanitization or validation of the document content is performed before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes the
blinkCLI tool to perform operations on the Google Docs API, which is the intended mechanism for the skill's functionality. - [EXTERNAL_DOWNLOADS]: The documentation references
quickchart.ioas a recommended service for exporting charts to images. This is a well-known third-party service for chart rendering.
Audit Metadata