google-docs
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes raw content from external Google Docs. Ingestion points: scripts/docs_manager.rb (read command); Boundary markers: None; Capability inventory: Extensive file and document management, including creation, deletion, and sharing; Sanitization: None. Document content is ingested directly into the agent's context, allowing potentially malicious instructions to influence behavior.
Audit Metadata