Back to skill

Security audit

Work Productivity Gog Google Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a text-only workflow helper with broad triggers but no hidden code, data access, or persistence.

This skill is reasonable to install if you want a general workflow helper for Google Workspace or Gog-style productivity patterns. Be aware that its activation terms are broad and implicit invocation is enabled, so users should explicitly confirm the intended skill when working on unrelated Google, CLI, or productivity tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger sentence is broad and resembles ordinary user language, which can cause unintended activation when a user casually asks for help. In an agent environment, ambiguous triggers increase the chance that the wrong skill is invoked, leading to mis-scoped actions, confusing workflow selection, or unsafe automation being applied without clear user intent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation guidance lacks clear boundaries and mixes generic productivity wording with product-specific terms, making it hard for an orchestrator or user to distinguish when this skill should be selected over others. That ambiguity can be exploited indirectly by causing over-triggering, accidental tool use, or routing user requests into a workflow that has broader access than intended.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad, generic, and overlap with ordinary user requests such as asking for help, needing a workflow, or handling bug-fix/setup tasks. This can cause the skill to activate outside its intended scope, leading to prompt hijacking of unrelated conversations, confusing routing, and unintended execution of this skill in contexts involving Google Workspace or general productivity tasks.

Vague Triggers

High
Confidence
96% confidence
Finding
The skill description says to use the skill when a user asks for broad terms like work-productivity, google, workspace, cli, or implementation support. These are common everyday topics and lack narrow gating criteria, so the skill can activate in many unrelated conversations and override more appropriate, safer, or more specialized skills. In an agentic system, overbroad activation increases the chance of unintended instruction injection into benign tasks and creates routing confusion at scale.

Vague Triggers

High
Confidence
98% confidence
Finding
The keyword list includes highly ambiguous tokens such as google, workspace, cli, gmail, calendar, drive, contacts, and bug fix without any contextual constraints. These terms appear in a wide range of normal user requests, making accidental invocation very likely and allowing this skill to capture traffic outside its intended purpose. Because the skill is framed as a helper for broad workflow support, this ambiguity materially increases misrouting and unintended behavior.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger sentences use vague, everyday phrasing like 'Help me' and 'I need a practical workflow' combined with repeated requirement text, which normalizes activation from underspecified user intent. Even if not overtly malicious, these examples encourage integrators or models to treat loosely related requests as in-scope. That broadens the skill's reach and can cause inappropriate selection in multi-skill environments.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keyword list includes very broad everyday terms such as "google", "workspace", and "cli", which can match many unrelated user requests. This increases the chance the skill is invoked outside its intended scope, causing prompt-routing confusion and potentially exposing users to irrelevant or unsafe workflow guidance in contexts the skill was not designed for.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description says it should be used whenever a user asks for broad categories like work-productivity, google, workspace, cli, or any practical workflow, artifact, checklist, analysis, or implementation support for the requirement. That boundary is so open-ended that it can overmatch many unrelated tasks, leading to accidental activation and misrouting of user requests.

Vague Triggers

Low
Confidence
88% confidence
Finding
The example trigger phrases are highly generic (for example, "Help me" and "I need a practical workflow" around repeated requirement text), which normalizes broad invocation patterns and amplifies accidental triggering. While not directly malicious, they train integrators and users to call the skill in ambiguous situations, weakening routing precision.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The default prompt uses a very broad natural-language activation phrase tied to common productivity and Google Workspace terms, which increases the chance of unintended or implicit invocation during ordinary user requests. Because implicit invocation is enabled, this overlap can cause the skill to activate when users did not explicitly intend to use it, creating prompt-routing confusion and expanding exposure to any downstream unsafe behavior or misleading outputs.

Vague Triggers

High
Confidence
90% confidence
Finding
The trigger sentence uses a very broad everyday phrase that can match ordinary user requests outside the intended Google/Gog workflow scope. This can cause the skill to activate in unintended contexts, increasing the chance that unrelated tasks are handled by this skill and that its instructions override more appropriate routing or safety behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger scope is ambiguous because it mixes broad productivity language with long requirement text that does not clearly define when the skill should or should not activate. In an agent environment, ambiguous routing conditions can lead to over-invocation, task hijacking, and accidental application of this skill to requests involving unrelated domains or higher-risk actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.