gog-save-attachments
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
gogcommand-line utility to perform searches, download attachments, and upload files. These actions are aligned with the skill's primary purpose. Safety measures include using--readonlyflags for search/inspection andmktempfor directory isolation. - [PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection from external data sources.
- Ingestion points: Gmail attachments downloaded via
goginSKILL.md. - Boundary markers: Commands utilize the
--wrap-untrustedflag for data isolation. - Capability inventory: The skill performs file system writes and network uploads via
gog(referenced inSKILL.md). - Sanitization: Instructions mandate treating files as untrusted and prohibit executing or previewing active content.
Audit Metadata