gog
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a custom CLI tool named 'gog' (gogcli.sh) to interact with Google Workspace APIs. This tool is used for all primary functions including managing Gmail, Calendar, Drive, and Sheets.
- [DATA_EXFILTRATION]: The skill has capabilities to read data from private documents and emails and subsequently transmit data externally via Gmail send functions or document export commands.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to the handling of external untrusted content.
- Ingestion points: Untrusted data enters the agent context through 'gog gmail search', 'gog drive search', 'gog sheets get', and 'gog docs cat'.
- Boundary markers: The instructions lack delimiters or specific prompts to ensure the agent ignores embedded instructions within retrieved emails or documents.
- Capability inventory: The agent possesses impactful capabilities that could be abused if compromised by an injection, such as sending emails ('gog gmail send'), modifying spreadsheets ('gog sheets update'), and creating calendar events.
- Sanitization: There is no evidence of sanitization or validation of content retrieved from Google Workspace before it is processed by the agent.
Audit Metadata