gog-save-attachments

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gog command-line utility to perform searches, download attachments, and upload files. These actions are aligned with the skill's primary purpose. Safety measures include using --readonly flags for search/inspection and mktemp for directory isolation.
  • [PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection from external data sources.
  • Ingestion points: Gmail attachments downloaded via gog in SKILL.md.
  • Boundary markers: Commands utilize the --wrap-untrusted flag for data isolation.
  • Capability inventory: The skill performs file system writes and network uploads via gog (referenced in SKILL.md).
  • Sanitization: Instructions mandate treating files as untrusted and prohibit executing or previewing active content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 10:52 AM
Security Audit — agent-trust-hub — gog-save-attachments