The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of a third-party CLI tool 'gog' from an unverified Homebrew tap ('steipete/tap/gogcli'). This involves downloading and executing code from an external source not listed as a verified organization.
[COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using the 'gog' binary. These commands perform operations on sensitive user data, including reading and sending emails, accessing files in Google Drive, and modifying Google Sheets.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external sources (Gmail, Sheets, Docs) and has the capability to perform actions based on that data. * Ingestion points: Untrusted data enters the agent context via 'gog gmail search', 'gog gmail messages search', 'gog sheets get', and 'gog docs cat' in SKILL.md. * Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded within the retrieved data. * Capability inventory: The agent can send emails ('gog gmail send'), modify spreadsheets ('gog sheets update'), and create calendar events ('gog calendar create') via shell command execution. * Sanitization: No evidence of sanitization or validation of the retrieved external content before it is processed or used by the agent.

gog