google-workspace

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive documentation for the 'gws' CLI, instructing the agent on how to perform various tasks across Google Workspace services. This includes managing Drive files, sending Gmail messages, and accessing administrative reports.
  • [DATA_EXFILTRATION]: The agent is taught how to read sensitive information (e.g., inbox triage, file downloads) and send it via email or chat. This functional capability could be abused for data exfiltration if the agent's instructions are overridden.
  • [PROMPT_INJECTION]: The skill exposes a broad surface for indirect prompt injection by design.
    • Ingestion points: The agent is instructed to process untrusted data from multiple sources, such as reading email bodies (references/gws-gmail.md) and document content (references/gws-docs.md).
    • Boundary markers: The skill provides security guidelines in SKILL.md and references/gws-shared.md, such as 'Always confirm with user before executing write/delete commands'.
    • Capability inventory: The agent has the ability to perform significant actions including sending emails, sharing files, and modifying permissions across the Workspace ecosystem.
    • Sanitization: The skill documentation (references/gws-modelarmor.md) suggests using a '--sanitize' flag to filter output for PII and safety via Model Armor.
  • [NO_CODE]: The skill does not bundle any executable scripts or binaries; it consists entirely of markdown files providing instructions and references for a CLI tool assumed to be on the system path.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 02:13 PM