skills/odyssey4me/agent-skills/google/Gen Agent Trust Hub

google

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and extract a binary from a third-party GitHub repository ('github.com/openclaw/gogcli').
  • Evidence: 'curl -sL https://github.com/openclaw/gogcli/releases/latest/download/gogcli_VERSION_linux_amd64.tar.gz | tar xz' in SKILL.md.
  • Note: The skill provides SHA-256 checksums in 'dependencies.json' for integrity verification.
  • [REMOTE_CODE_EXECUTION]: The core functionality of the skill relies on the execution of the downloaded 'gog' binary for all Workspace operations.
  • Evidence: Instructions in SKILL.md and documentation in the 'references/' directory describe full use of the 'gog' CLI for data access and modification.
  • [COMMAND_EXECUTION]: The 'scripts/google.py' script executes the 'gog' binary to perform health checks and manage authentication states.
  • Evidence: 'subprocess.run(cmd, ...)' calls in 'scripts/google.py' execute commands such as 'gog auth doctor' and 'gog --version'.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from external Workspace sources.
  • Ingestion points: Gmail message bodies, Google Drive file content, and Document/Sheet/Slide data (referenced in 'references/gmail.md', 'references/drive.md', and 'references/docs.md').
  • Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore embedded commands in the retrieved data.
  • Capability inventory: Shell command execution via the 'Bash(gog:*)' tool and credential management via 'scripts/google.py'.
  • Sanitization: Absent. Data is retrieved and presented to the agent context without escaping or validation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 09:38 PM
Security Audit — agent-trust-hub — google