email-unsubscribe-check
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted email content to drive browser automation and credential retrieval activities.
  - Ingestion points: Email bodies retrieved via Gmail MCP (SKILL.md).
  - Boundary markers: Absent. There are no instructions to the agent to delimit or ignore instructions contained within the email bodies.
  - Capability inventory: Gmail management (read/write/search/filter), browser automation (Chrome DevTools MCP), and credential access (pass CLI).
  - Sanitization: Absent. Email content is used directly to extract URLs and navigate.
- [DATA_EXFILTRATION]: The skill accesses the pass credential manager to perform automated logins. This poses a significant risk of credential exposure if an attacker sends an email with a malicious link designed to trigger a login attempt on an untrusted domain.
- [COMMAND_EXECUTION]: The skill utilizes browser automation tools (Chrome DevTools MCP) to navigate to and interact with external, untrusted websites discovered in email bodies.
Audit Metadata