email-drafting
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from email bodies and meeting transcripts, creating a surface for indirect prompt injection.
  - Ingestion points: External data enters the agent context via email content retrieved through the `gog` CLI and meeting transcripts fetched via `mcporter`.
  - Boundary markers: The instructions do not specify the use of delimiters or clear separation between system instructions and the untrusted external content.
  - Capability inventory: The skill has permission to execute shell commands (`Bash`), access the filesystem (`Read`, `Write`, `Glob`, `Grep`), and create email drafts.
  - Sanitization: There is no mention of sanitizing or validating the content of emails or transcripts before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill performs shell command execution to interface with external tools and local scripts.
  - It executes `python3` to run logging and auditing scripts (`skill_log.py`, `audit_log.py`).
  - It utilizes CLI tools like `gog` for Gmail interactions and `mcporter` for Grain transcript access.
- [DATA_EXPOSURE]: The skill accesses a local configuration file (`~/executive-assistant-skills/config/user.json`) containing sensitive user information.
  - This file includes the user's primary/work emails, scheduling preferences, and signatures, which are then used across the skill's execution.
Audit Metadata