gog
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the gog CLI tool from a third-party Homebrew tap (steipete/tap/gogcli).
- [COMMAND_EXECUTION]: Executes system commands via the gog CLI to interact with Google Workspace APIs.
- [DATA_EXFILTRATION]: Accesses and processes highly sensitive user data from Gmail, Google Drive, Calendar, and Sheets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from external Google services.
- Ingestion points: Data retrieved using functions like gog gmail search, gog sheets get, and gog docs cat.
- Boundary markers: There are no delimiters or specific instructions to the agent to ignore embedded commands within the retrieved data.
- Capability inventory: The tool has writing capabilities such as sending emails (gog gmail send) and updating spreadsheets (gog sheets update).
- Sanitization: No evidence of sanitization or content validation for the retrieved data is present.
Audit Metadata