google-workspace-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the
gwsCLI installer script and additional workspace skills directly from official Google Workspace GitHub repositories. - [REMOTE_CODE_EXECUTION]: Executes the
gws-installer.shscript via a shell pipe to configure the local environment, which is the standard installation method for this tool. - [COMMAND_EXECUTION]: Modifies the
~/.bashrcfile to persistently store environment variables for API credentials, ensuring the CLI tool remains authenticated across sessions. - [CREDENTIALS_UNSAFE]: Requests the user to provide service account JSON files or OAuth access tokens, which are stored locally to facilitate communication with Google APIs.
- [PROMPT_INJECTION]: The skill operates as an interface for reading and writing data in Google Workspace apps, creating a surface for indirect prompt injection from external content like emails or documents.
- Ingestion points: Gmail messages, Drive files, and document content retrieved through the CLI or browser.
- Boundary markers: Not present in the current implementation.
- Capability inventory: Includes shell command execution via
gws, browser automation via Chrome DevTools, and local file system access. - Sanitization: The skill performs direct operations on the retrieved data without explicit validation or filtering instructions.
Audit Metadata