email-processing

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted email content. Ingestion point: GmailWatcher.process_email in examples.md. Boundary markers: Uses markdown delimiters in SKILL.md but lacks safety instructions for processed content. Capability inventory: Includes Read, Write, and Bash tool access, and API-based email sending. Sanitization: None implemented for email body content.
  • [DATA_EXFILTRATION]: The send_email.py script in examples.md can attach files by path. An attacker could use indirect prompt injection to trick the agent into attaching sensitive local files to an outgoing email.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes official Google API libraries (google-api-python-client, google-auth, google-auth-oauthlib) for Gmail integration.
  • [COMMAND_EXECUTION]: The skill requests Bash access in SKILL.md, expanding the attack surface for potential exploits.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 10:43 PM