Skills
skills/wadewarren/gws-claude-plugin/recipe-log-deal-update/Gen Agent Trust Hub

recipe-log-deal-update

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gws CLI tool to perform file listing, data reading, and data appending operations on Google Drive and Google Sheets.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes data from external spreadsheets.
  • Ingestion points: Data is retrieved from Google Sheets using the gws sheets +read command in SKILL.md.
  • Boundary markers: No explicit delimiters or safety instructions are defined to separate the retrieved spreadsheet data from the agent's internal instruction context.
  • Capability inventory: The skill possesses the capability to modify external spreadsheet data using the gws sheets +append command.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the spreadsheet content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 04:57 PM