gws-gmail
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the gws command-line tool to perform operations such as sending, reading, and managing emails (e.g., gws gmail messages get). This is the intended and documented behavior of the skill.
- [PROMPT_INJECTION]: The skill includes capabilities to read external data from the user's Gmail inbox via helper commands like +read and +triage. This introduces a surface for indirect prompt injection where malicious instructions embedded in an email body could attempt to influence agent behavior.
  - Ingestion points: SKILL.md (references tools for reading email content and headers).
  - Boundary markers: Not present in this file; refers to a shared skill for security rules.
  - Capability inventory: Comprehensive Gmail access including sending, replying, and account settings modification via the gws binary.
  - Sanitization: No specific sanitization or filtering of email content is mentioned in the documentation for this skill.
Audit Metadata