gsc
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure credential management by requiring OAuth2 secrets to be provided via environment variables rather than hardcoded strings or local files. It also includes a redaction function in the fetch script to ensure secrets are not leaked in error logs or stdout.
- [SAFE]: Robust guardrails are included in the documentation to address indirect prompt injection risks. The AI agent is explicitly instructed to treat search query and URL data as non-executable strings and to apply HTML-escaping to avoid cross-site scripting (XSS) in the generated reports.
- [SAFE]: Network activity is restricted to authenticated requests to official Google API endpoints for Search Console and OAuth2 services.
Audit Metadata