Trust Assessment
google-workspace received a trust score of 92/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Reliance on Third-Party Homebrew Tap, Broad Access to Google Workspace Services.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Reliance on Third-Party Homebrew Tap The skill's installation instructions specify a third-party Homebrew tap (`steipete/tap/gogcli`). Relying on external taps introduces a supply chain risk, as the integrity of the installed binary depends on the security of the third-party repository and its maintainer. A compromise of the tap could lead to the installation of malicious software being installed on the host system. Consider using officially maintained packages or verifying the integrity of third-party taps and formulas. If possible, vendor the dependency or use a more controlled installation method. Regularly audit third-party dependencies for known vulnerabilities. | LLM | SKILL.md:1 | |
| LOW | Broad Access to Google Workspace Services The `gog` CLI tool, as configured by the skill, requests and utilizes broad access to multiple Google Workspace services (Gmail, Calendar, Drive, Contacts, Sheets, Docs). While this is the intended functionality of the tool, it grants the AI agent significant capabilities to read, write, and manage user data across these services. This requires careful handling by the LLM and robust access control mechanisms to prevent unintended data manipulation or exposure. Ensure that the LLM's use of this skill is strictly controlled and monitored. Implement granular access policies for the `gog` tool if possible, or restrict the LLM's ability to generate commands that utilize the full breadth of these permissions without explicit user confirmation. Educate users about the extensive permissions granted to this skill. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/11fe4537b63f2dd2)
Powered by SkillShield