gdocs-audit-report
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to load and process a Google Service Account private key from a JSON file.
- Evidence:
scripts/gdocs_auth.pycontains logic to open and parse a sensitive credential file to sign authentication tokens. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to external Google API endpoints and requires the third-party
cryptographyPython library. - Evidence:
scripts/gdocs_auth.pyconnects tooauth2.googleapis.comanddocs.googleapis.com. It also imports multiple modules from thecryptographypackage. - [DATA_EXFILTRATION]: The authentication script explicitly disables SSL certificate verification for its network requests, which exposes sensitive authentication tokens and document content to potential man-in-the-middle attacks.
- Evidence:
scripts/gdocs_auth.pyusesssl._create_unverified_context()and passes it tourllib.request.urlopencalls. - [PROMPT_INJECTION]: The skill reads and processes data from external Google Documents, creating a surface for indirect prompt injection if those documents contain malicious instructions.
- Ingestion points:
scripts/gdocs_auth.pyvia theget_docfunction. - Boundary markers: No specific delimiters or safety warnings are implemented in the provided patterns to distinguish between instructions and ingested content.
- Capability inventory: The skill has the ability to write to documents and make outbound network connections.
- Sanitization: There is no evidence of content sanitization or validation before the ingested data is processed by the agent.
Audit Metadata