gog-cli
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the 'gog' CLI tool to perform various tasks within Google Workspace, such as searching emails, managing calendar events, and manipulating Drive files.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of 'gogcli' from a third-party Homebrew tap (steipete/tap/gogcli). This is a standard installation procedure for the referenced tool.\n- [DATA_EXFILTRATION]: The tool's primary functionality involves reading and exporting sensitive information from Gmail, Google Drive, and other Workspace services to the local filesystem or via custom tracking workers. This is documented as a core feature and relies on the user's OAuth authorization.\n- [PROMPT_INJECTION]: The skill enables the agent to ingest untrusted data from external Workspace services, which creates a surface for indirect prompt injection.\n
- Ingestion points: Data enters the context via commands like
gog gmail search,gog drive download,gog chat messages list, andgog classroom coursework.\n - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for content retrieved from these external services.\n
- Capability inventory: The agent has capabilities to send emails (
gog gmail send), write/delete files (gog drive upload,gog drive delete), and modify calendar events, which could be exploited if malicious instructions are processed.\n - Sanitization: There are no instructions for sanitizing or validating the content retrieved from external services before the agent processes it.
Audit Metadata