The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to automatically perform global package installation (npm install -g @googleworkspace/cli) if the required CLI tool is missing. Global installations often require elevated privileges and can introduce untrusted binaries into the system path.
[EXTERNAL_DOWNLOADS]: The skill mandates the installation of an external package from the npm registry. The specific package @googleworkspace/cli is not an official Google-maintained package listed in the trusted vendor list and represents a third-party dependency.
[REMOTE_CODE_EXECUTION]: The skill utilizes node -e to dynamically execute JavaScript code for email encoding. This process involves interpolating variables like 'to', 'subject', and 'body' directly into a string that is then executed by the Node.js interpreter, creating a risk of code injection if the input contains malicious control characters like single quotes or backticks.
[DATA_EXFILTRATION]: The skill is designed to read and manipulate sensitive data across the entire Google Workspace suite (Gmail, Drive, Sheets, etc.). While this is the intended functionality, it grants the agent extensive access to private user information that could be exfiltrated if the agent is compromised.

nopal-orchestrate