Skills
skills/jetbrains/skills/gws-sheets/Gen Agent Trust Hub

gws-sheets

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the 'gws' CLI binary to interact with Google Sheets APIs for reading and writing data. This is the primary intended functionality of the skill.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from spreadsheet cells which could contain instructions designed to manipulate the agent.
  • Ingestion points: Data enters the context via 'gws sheets spreadsheets get' and 'gws sheets spreadsheets values get' commands.
  • Boundary markers: None are present in the provided instructions to delimit spreadsheet content from agent instructions.
  • Capability inventory: The agent has the ability to execute shell commands via the 'gws' tool.
  • Sanitization: No explicit sanitization or validation of the spreadsheet content is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:49 PM
Security Audit — agent-trust-hub — gws-sheets