Skill

recipe-setup-sanitization

From gws

Configure Google Cloud Model Armor globally for all gws commands to protect against prompt injection in API responses.

Install

npx claudepluginhub fakoli/fakoli-plugins --plugin gws

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Configure Google Cloud Model Armor to scan all `gws` API responses for prompt injection before they reach AI agents.

SKILL.md

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

157.7k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

157.7k

accessibility

Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.

everything-claude-code

157.7k

Stats

Parent Repo Stars2

Parent Repo Forks0

Last CommitMar 22, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Mode	Behavior
`warn` (default)	Logs a warning but returns the response
`block`	Returns an error if injection is detected

Set Up Global Response Sanitization

Configure Google Cloud Model Armor to scan all gws API responses for prompt injection before they reach AI agents.

When to Use

Use this workflow when the user wants to set up response sanitization — either globally for all commands or for specific high-risk operations like reading untrusted emails.

Prerequisites

GCP project with Model Armor API enabled
Full scopes: gws auth login --full

Steps

Create a Model Armor template:

gws modelarmor +create-template \
  --project my-project-id \
  --location us-central1 \
  --template my-safety-template

Test sanitization on a single command:

gws gmail users messages get \
  --params '{"userId": "me", "id": "MSG_ID"}' \
  --sanitize "projects/my-project-id/locations/us-central1/templates/my-safety-template"

Enable globally via environment variables:

# Add to your .env or shell profile
export GOOGLE_WORKSPACE_CLI_SANITIZE_TEMPLATE="projects/my-project-id/locations/us-central1/templates/my-safety-template"
export GOOGLE_WORKSPACE_CLI_SANITIZE_MODE=warn

Choose a mode:

Mode Behavior
warn (default) Logs a warning but returns the response
block Returns an error if injection is detected

Mode	Behavior
`warn` (default)	Logs a warning but returns the response
`block`	Returns an error if injection is detected

Verify it's active:

# Any gws command will now show sanitization status in debug logs
GOOGLE_WORKSPACE_CLI_LOG=gws=debug gws gmail +triage

Make it permanent — add to .env file:

cat >> .env << 'EOF'
GOOGLE_WORKSPACE_CLI_SANITIZE_TEMPLATE=projects/my-project-id/locations/us-central1/templates/my-safety-template
GOOGLE_WORKSPACE_CLI_SANITIZE_MODE=warn
EOF

Per-Command Override

Even with global sanitization, you can override per-command:

# Use a different template for sensitive operations
gws gmail users messages get \
  --params '{"userId": "me", "id": "MSG_ID"}' \
  --sanitize "projects/P/locations/L/templates/strict-template"

Caution

Model Armor adds latency to each API call (sanitization is an extra network hop)
block mode will cause commands to fail if injection is detected — use warn initially
Monitor Model Armor quota and costs in Google Cloud Console

Tips

Start with warn mode to understand your baseline before switching to block
Use block mode for high-risk operations (e.g., reading untrusted emails)
Combine with --fields to reduce the amount of text being sanitized
Check logs with GOOGLE_WORKSPACE_CLI_LOG=gws=debug to see sanitization results