google-workspace-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the gws CLI installer script and additional workspace skills directly from official Google Workspace GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: Executes the gws-installer.sh script via a shell pipe to configure the local environment, which is the standard installation method for this tool.
  • [COMMAND_EXECUTION]: Modifies the ~/.bashrc file to persistently store environment variables for API credentials, ensuring the CLI tool remains authenticated across sessions.
  • [CREDENTIALS_UNSAFE]: Requests the user to provide service account JSON files or OAuth access tokens, which are stored locally to facilitate communication with Google APIs.
  • [PROMPT_INJECTION]: The skill operates as an interface for reading and writing data in Google Workspace apps, creating a surface for indirect prompt injection from external content like emails or documents.
  • Ingestion points: Gmail messages, Drive files, and document content retrieved through the CLI or browser.
  • Boundary markers: Not present in the current implementation.
  • Capability inventory: Includes shell command execution via gws, browser automation via Chrome DevTools, and local file system access.
  • Sanitization: The skill performs direct operations on the retrieved data without explicit validation or filtering instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — google-workspace-workflow