gmail
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `gog` (gogcli) binary to interact with the Gmail API. It executes commands for searching threads, retrieving messages, managing labels, and sending emails.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install an external dependency via Homebrew (`brew install gogcli`). This is a guided manual step rather than an automated silent download.
- [DATA_EXPOSURE]: The skill processes sensitive data including email bodies, subjects, and attachments. This is consistent with its primary purpose. It advises users to handle OAuth `client_secret` JSON files manually and stores credentials in the tool's native keyring rather than the skill directory.
- [PROMPT_INJECTION]: No evidence of malicious prompt injection, behavioral overrides, or safety filter bypasses was found in the instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data by reading email bodies (e.g., `gog gmail messages search --include-body`).
  - Ingestion points: Reads email content from Gmail threads and messages in `SKILL.md` and `references/gog-gmail-commands.md`.
  - Boundary markers: None explicitly defined in the CLI output processing, but results are requested in `--json` format for structured parsing.
  - Capability inventory: Can send emails, create drafts, and modify labels/filters.
  - Sanitization: The skill mitigates risks by explicitly requiring the agent to confirm recipients, subjects, and bodies with the user before any 'send' operation is executed.
Audit Metadata