gmail
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage via npm to interface with the Membrane platform services. - [COMMAND_EXECUTION]: Employs shell commands using the
membraneCLI to perform authentication, manage connection states, and execute email operations like reading, searching, and sending messages. - [REMOTE_CODE_EXECUTION]: Features the
membrane action createcommand, which allows the agent to dynamically generate and deploy new integration logic on the remote Membrane platform based on natural language descriptions. - [PROMPT_INJECTION]: The skill processes external data from Gmail (messages and threads), which introduces a potential surface for indirect prompt injection if malicious instructions are embedded in ingested email content.
- Ingestion points: Retrieves external email content using
get-message,get-thread, andlist-messagesactions. - Boundary markers: No specific delimiters are defined in the instructions to isolate email data from the agent's primary instruction set.
- Capability inventory: The skill possesses capabilities for data modification and deletion (e.g.,
delete-thread,send-message) which could be targeted via injection. - Sanitization: There is no mention of sanitization or filtering applied to the email body before it enters the agent's context.
Audit Metadata