Security risk report for @forgecat/googleworkspace_cli-skills v0.1.2
Source Integrity
Low
Profile is published from the official ForgeCat registry (nota-america/forgecat-agent-profiles GitHub repository).
All skills reference legitimate Google Workspace APIs (Calendar, Gmail, Drive, Docs, Sheets, Chat, Classroom, etc.) with standard Google API documentation.
Agent Intent
Low
Content describes legitimate Google Workspace CLI skills with standard API operations (read, write, list, delete) — no hidden instructions to manipulate the AI.
No directives to ignore instructions, exfiltrate credentials, leak system prompts, or install malicious payloads.
Guidance is straightforward: use the `gws` CLI tool with documented flags and parameters; no poisoned knowledge or security-weakening defaults injected.
Evidence
Skills uniformly document API resources and methods with standard parameters (--summary, --start, --end for calendar; --space, --text for chat; etc.).
All write operations include caution notices ('This is a **write** command — confirm with the user before executing'), indicating responsible design.
No instructions to fetch external URLs, disable security checks, or install untrusted dependencies.
All operations are scoped to the authenticated user's Google Workspace account via the `gws` CLI; no shell execution, file system mutation, or arbitrary code execution.
Write operations (calendar +insert, chat +send, docs +write, drive +upload) are appropriately flagged with caution notices and require explicit user confirmation.
Evidence
Skills require only the `gws` binary (a legitimate Google Workspace CLI tool) and standard Google API credentials.
No alwaysApply rules, glob patterns, or excessive agency declarations.
Helper commands (+insert, +send, +write, +upload) are narrowly scoped to their documented purpose.
MCP Risk
Low
No MCP servers are declared in the profile.
All operations are performed via the `gws` command-line tool, which is a known, scoped binary with documented Google Workspace API integration.
No hidden instructions in tool descriptions; all skill documentation is transparent and references official Google API guides.
Evidence
Profile metadata specifies only `requires: bins: [gws]` — a single, legitimate CLI tool.
No arbitrary binary execution, unrestricted network access, or full filesystem permissions.
Skills document their API resources and methods with links to official Google Workspace developer documentation.