gws-tasks
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'gws' command-line utility to interact with Google Tasks resources. This execution is necessary for the skill's primary functionality and matches the provided documentation.
- [DATA_EXFILTRATION]: The skill facilitates access to user data within Google Tasks. Since this data is accessed through the official gws CLI and interacts with a well-known service (Google Workspace), this is consistent with the skill's intended purpose.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface when retrieving task content that might contain instructions. Ingestion points: Task titles and descriptions retrieved via 'list' and 'get' methods. Capability inventory: Subprocess execution via 'gws tasks'. Boundary markers: None. Sanitization: None. This risk is inherent to the task management use case and handled via agent-level guardrails.
Audit Metadata