add-gmail

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user to paste their GCP OAuth JSON (or provide its path) and includes shell commands that write the JSON verbatim into files, which forces the agent to handle and output sensitive credential values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill grants persistent programmatic read/write access to a user's Gmail (via an external npx MCP), instructs mounting OAuth credentials into a container, and explicitly tells the user to bypass Google "unverified app" warnings — together these patterns enable high-risk data exfiltration and account abuse if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). In Channel Mode, the runtime email polling/triggering reads outsider-authored email body text (from Gmail messages created by other people) and injects it into the agent prompt via prompt = ... <body>${email.body}</body> before calling runEmailAgent, which then feeds that prompt into the LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill invokes remote code at runtime via npx (e.g., "npx -y @gongrzhe/server-gmail-autoauth-mcp"), which will fetch and execute a third-party package that the skill depends on for Gmail MCP functionality.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 19, 2026, 11:58 AM
Issues
4
Security Audit — snyk — add-gmail