Skills
skills/tumf/skills/gogcli/Gen Agent Trust Hub

gogcli

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the gogcli tool from a third-party GitHub repository (github.com/steipete/gogcli) and via Homebrew.
  • [COMMAND_EXECUTION]: The skill relies on executing various shell commands, including gcloud for project management, jq for JSON processing, and the gog CLI for Workspace operations. It includes local scripts for project initialization and credential verification.
  • [PROMPT_INJECTION]: The skill manages an extensive surface for indirect prompt injection due to its integration with Google Workspace services.
  • Ingestion points: The agent reads untrusted content from Gmail messages, Google Drive files, and Google Chat spaces.
  • Boundary markers: There are no explicit instructions or delimiters used to separate user instructions from data retrieved from Google services.
  • Capability inventory: The agent can perform high-privilege actions such as sending emails, deleting files, and modifying calendar events across all authorized services.
  • Sanitization: There is no evidence of sanitization or validation of external content before it is processed by the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 07:15 PM