Trust Assessment
gog-cli received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential for Data Exfiltration via File Upload/Email Send.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for Data Exfiltration via File Upload/Email Send The skill provides commands (`gog gmail send --body-file`, `gog drive upload`) that allow the agent to read local files and send their contents via email or upload them to Google Drive. While the skill includes operating rules advising against sending mail or sharing data without explicit user request, these rules can be bypassed by a malicious prompt injection attack against the host LLM. An attacker could craft a prompt to instruct the agent to read sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment variables) and exfiltrate their contents to an attacker-controlled email address or Google Drive account. Implement stricter input validation and sanitization for file paths and recipient addresses when calling these commands. Consider adding an explicit confirmation step for the user before sending any local file content or uploading files, especially to external recipients or public shares. If possible, restrict the agent's ability to read arbitrary local files or limit the directories it can access. The `gog` tool's `--enable-commands` and `--disable-commands` flags could be used to restrict these specific commands if they are deemed too risky for a given agent deployment. | LLM | SKILL.md:87 | |
| HIGH | Potential for Data Exfiltration via File Upload/Email Send The skill provides commands (`gog gmail send --body-file`, `gog drive upload`) that allow the agent to read local files and send their contents via email or upload them to Google Drive. While the skill includes operating rules advising against sending mail or sharing data without explicit user request, these rules can be bypassed by a malicious prompt injection attack against the host LLM. An attacker could craft a prompt to instruct the agent to read sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment variables) and exfiltrate their contents to an attacker-controlled email address or Google Drive account. Implement stricter input validation and sanitization for file paths and recipient addresses when calling these commands. Consider adding an explicit confirmation step for the user before sending any local file content or uploading files, especially to external recipients or public shares. If possible, restrict the agent's ability to read arbitrary local files or limit the directories it can access. The `gog` tool's `--enable-commands` and `--disable-commands` flags could be used to restrict these specific commands if they are deemed too risky for a given agent deployment. | LLM | SKILL.md:104 |
Scan History
Embed Code
[](https://skillshield.io/report/a9ce38bd5e6a61eb)
Powered by SkillShield