gog-weekly-digest

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gog command-line tool to fetch data. All commands include the --readonly and --wrap-untrusted flags, and Gmail queries specifically use the --gmail-no-send flag to prevent any state-changing actions.
  • [PROMPT_INJECTION]: The skill processes potentially malicious content from external sources (Gmail, Calendar, and Tasks). It mitigates indirect prompt injection risks by using --wrap-untrusted markers and explicit instructions to the agent to avoid modifying data or sending communications.
  • [SAFE]: The ingestion of untrusted data is well-guarded: Ingestion occurs via the gog tool search outputs (SKILL.md); Boundary markers are present via the --wrap-untrusted flag; Capabilities are restricted to read-only operations; Sanitization is handled by the tool's wrapping mechanism.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 10:52 AM
Security Audit — agent-trust-hub — gog-weekly-digest