googleworkspace · samhiotisiddn-jpg · Apr 10, 2026 · Apr 17, 2026 · Apr 17, 2026 · Apr 25, 2026
diff --git a/.changeset/fix-agent-security-issues.md b/.changeset/fix-agent-security-issues.md
@@ -0,0 +1,9 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Fix high-priority security and resource leak issues in agent tools:
+
+- **Browser tool**: Close tabs after each operation to prevent memory accumulation during long agent sessions
+- **GWS tool**: Fix recursion check to detect `agent` command regardless of preceding global flags, preventing infinite recursive loops
+- **Supabase tool**: Remove comma and colon from URL encoding allow-list to prevent PostgREST query injection vulnerabilities
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
@@ -0,0 +1,36 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm ci
+      - run: npm test
+
+  publish-gpr:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://npm.pkg.github.com/
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}