Skills
skills/pietz/skills/gws/Gen Agent Trust Hub

gws

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @anthropic-ai/gws CLI tool using npm to enable communication with Google APIs.
  • [COMMAND_EXECUTION]: The skill frequently executes the gws command to perform actions like searching emails, reading messages, and managing calendar events.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by processing external data such as email content and calendar descriptions.
  • Ingestion points: Gmail message bodies retrieved via gws gmail users messages get and calendar event details via gws calendar events list.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are provided in the prompt templates to separate untrusted data from system instructions.
  • Capability inventory: The skill possesses the ability to send emails (gws gmail +send), reply to messages, and create/delete calendar events.
  • Sanitization: No explicit sanitization or content validation is performed on the retrieved data before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 11:31 AM