gws-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a documentation-based extension that guides an agent on how to use a predefined CLI tool; it does not contain executable code, scripts, or obfuscation.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the gws CLI binary for authorized productivity tasks, which is the intended and scoped behavior.
- [SAFE]: External references and source metadata point to the official Google Workspace GitHub organization, which is a recognized and trusted service provider.
- [PROMPT_INJECTION]: A surface for indirect prompt injection is present as the skill processes external data from emails and meetings. 1. Ingestion points: Gmail messages and meeting details (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: The skill can create entries in Google Tasks and post announcements in Google Chat via gws workflow. 4. Sanitization: Not explicitly defined in the provided instructions, relying on the underlying platform and CLI tool's safety mechanisms.
Audit Metadata