Trust Assessment
gog-cli received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential for Command Injection via `gog` arguments, Broad scope and potential for excessive Google Workspace permissions, Capability to access and potentially exfiltrate sensitive Google Workspace data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for Command Injection via `gog` arguments The skill describes the use of the `gog` command-line tool, which is executed via the shell. If an agent constructs `gog` commands by directly interpolating untrusted user input into arguments (e.g., search queries, file paths, sed patterns), a malicious user could inject arbitrary shell commands. For example, a a user-provided search query like `'foo"; rm -rf /; echo "bar'` could lead to unintended command execution on the host system. The skill provides examples of `gog` commands that take string arguments, such as `gog drive search "..."` and `gog docs sed <docId> 's/.../...'`, which are vulnerable if not properly sanitized. The agent must rigorously sanitize and escape all user-provided input before incorporating it into shell commands. Consider using a library that safely escapes shell arguments or, if possible, using `gog`'s API directly if it offers one, rather than relying solely on shell execution. Implement a strict allowlist for user input where possible, especially for arguments that could contain shell metacharacters. | LLM | SKILL.md:99 | |
| MEDIUM | Broad scope and potential for excessive Google Workspace permissions The skill's manifest and documentation indicate a very broad scope, covering almost all Google Workspace services (Gmail, Calendar, Drive, Docs, Sheets, Admin, etc.). While the 'Operating rules' section correctly advises using least privilege (e.g., `--readonly`, specific scopes, `GOG_ENABLE_COMMANDS`), the skill *enables* an agent to request or operate with full access if not carefully constrained. An agent might inadvertently request or be prompted to use overly broad permissions (e.g., `--services all`, `--drive-scope full`) which could lead to unauthorized access or modification of sensitive user data. The agent should always request and operate with the absolute minimum necessary Google Workspace scopes and permissions for the task at hand. Implement strict validation and user confirmation for any requests involving broad permissions or sensitive operations. Utilize `GOG_ENABLE_COMMANDS` and `GOG_DISABLE_COMMANDS` to restrict the agent's capabilities to only what is strictly required. | LLM | SKILL.md:1 | |
| MEDIUM | Capability to access and potentially exfiltrate sensitive Google Workspace data The `gog-cli` skill provides extensive capabilities to access, read, and retrieve sensitive user data from various Google Workspace services, including Gmail messages, Drive files, Calendar events, Contacts, etc. While the 'Operating rules' explicitly warn against exporting tokens, printing secrets, or opening public shares without explicit user request, the underlying commands (e.g., `gog gmail messages search --include-body`, `gog drive download`) can retrieve highly sensitive information. If an agent is compromised or instructed by a malicious user, this capability could be leveraged to exfiltrate large amounts of private user data. Implement robust data handling policies for any retrieved Google Workspace data. Ensure sensitive data is not logged, stored insecurely, or transmitted to unauthorized parties. Require explicit user confirmation for any operation that involves retrieving or sharing sensitive data. Consider redacting or anonymizing data where possible before displaying it to the user or processing it further. | LLM | SKILL.md:85 |
Scan History
Embed Code
[](https://skillshield.io/report/4b2b91e6d29b53d6)
Powered by SkillShield