Trust Assessment
gog received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection and Arbitrary File Write via CLI arguments, Broad Google Workspace Permissions Required, Handling of Sensitive OAuth Credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection and Arbitrary File Write via CLI arguments The skill describes the use of the `gog` CLI tool, which takes various arguments that can be user-controlled. Specifically, commands like `gog docs export <docId> --out /path/to/file.txt` allow specifying an output file path. If an LLM constructs this command using untrusted input for `<docId>` or `/path/to/file.txt`, it could lead to:
1. **Arbitrary File Write:** Writing sensitive data to an attacker-controlled location or overwriting critical system files.
2. **Command Injection:** If the `gog` tool or the shell execution context does not properly sanitize arguments, shell metacharacters in user-controlled input (e.g., `docId` or file paths) could lead to arbitrary command execution.
Similar risks exist for other commands that take user-controlled strings, such as `--values-json` in `gog sheets update/append` or `--to`, `--subject`, `--body` in `gog gmail send`. When constructing shell commands based on user input, ensure all arguments are strictly validated and properly escaped to prevent shell metacharacters from being interpreted as commands. Avoid writing to arbitrary file paths specified by untrusted input. Consider using a sandboxed environment for command execution. | LLM | SKILL.md:24 | |
| MEDIUM | Broad Google Workspace Permissions Required The `gog` tool, as described, requires extensive permissions across multiple Google Workspace services (Gmail, Calendar, Drive, Contacts, Sheets, Docs) via the `gog auth add` command. While necessary for the tool's functionality, this means that any LLM interacting with this skill, if compromised, would have broad access to a user's sensitive Google data. This represents a significant attack surface if the LLM's execution context is not adequately secured. Implement strict access controls and input validation for any LLM interactions with this skill. Consider using service accounts with the principle of least privilege where possible, or prompt for explicit user confirmation for sensitive operations. Educate users about the broad permissions granted. | LLM | SKILL.md:8 | |
| MEDIUM | Handling of Sensitive OAuth Credentials The skill describes the `gog auth credentials /path/to/client_secret.json` command, which is used to configure sensitive OAuth client secrets. If an LLM is instructed to manage or provide this path based on untrusted input, an attacker could potentially redirect the `client_secret.json` to a location they control, leading to credential compromise. The skill itself doesn't harvest, but its usage pattern creates a risk. Ensure that any paths or content related to sensitive credentials are never derived from untrusted user input. Implement strict validation and sanitization for such parameters. Credentials should be stored securely and accessed only by authorized components. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/7e78f8c1b6c936a9)
Powered by SkillShield