Skills
skills/fivetaku/nopal/nopal-setup/Gen Agent Trust Hub

nopal-setup

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The documentation instructs the user to export unmasked OAuth credentials into a plaintext file at ~/.config/gws/credentials.json. While intended to enable functionality in environments without keyring access, this practice bypasses standard security protections for sensitive tokens. Evidence: gws auth export --unmasked 2>/dev/null | grep -v '^Using keyring' > ~/.config/gws/credentials.json in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to install the official Google Workspace CLI and Google Cloud SDK from well-known sources. Evidence: npm install -g @googleworkspace/cli and links to official Google Cloud documentation.
  • [COMMAND_EXECUTION]: The skill recommends using elevated privileges (sudo) for package installation if permission errors occur. Evidence: sudo npm install -g @googleworkspace/cli in SKILL.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 08:10 PM
Security Audit — agent-trust-hub — nopal-setup