Skills
skills/chachamaru127/claude-code-harness/gogcli-ops/Gen Agent Trust Hub

gogcli-ops

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gogcli CLI commands and a local Python script for Google Workspace operations.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and export of files from Google Drive, Sheets, and Docs to the local environment via gogcli commands like gog drive download and gog sheets export.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it reads and processes content from external Google Workspace documents which could contain adversarial instructions.
  • Ingestion points: Data enters the agent's context through gog sheets get, gog docs cat, and gog drive download.
  • Boundary markers: The instructions do not define clear delimiters or use instructions to ignore embedded commands when processing document content.
  • Capability inventory: The skill has access to shell execution (Bash) and file system operations via gogcli.
  • Sanitization: The scripts/gog_parse_url.py script performs regex-based validation of Google URLs and IDs, providing basic input sanitization before command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:31 AM