gws-people
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'gws' binary to perform operations on the Google People API, which is expected for a CLI-based management skill.
- [PROMPT_INJECTION]: The skill documentation identifies surfaces for indirect prompt injection as it processes external inputs like search queries and contact data. Ingestion points: 'SKILL.md' (methods like 'searchContacts' and 'updateContact'). Boundary markers: Absent in the instructions. Capability inventory: The 'gws' tool can list, read, create, update, and delete contact information. Sanitization: Not explicitly described in this wrapper skill.
- [SAFE]: No obfuscation, data exfiltration, or unauthorized credential access patterns were detected. The skill originates from a well-known source (googleworkspace/cli).
Audit Metadata