skills/odyssey4me/agent-skills/gmail/Gen Agent Trust Hub

gmail

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from email messages.
  • Ingestion points: Email message details, including subjects, snippets, and bodies, are fetched via the messages list and messages get commands in scripts/gmail.py.
  • Boundary markers: The instructions do not define boundary markers (e.g., XML tags or delimiters) to separate email content from system instructions, nor do they include warnings for the agent to ignore instructions embedded in the emails.
  • Capability inventory: The skill includes 'write' capabilities such as sending emails (send), creating/sending drafts (drafts create, drafts send), and managing labels (labels create), which could be triggered by malicious email content.
  • Sanitization: Email content is retrieved directly from the Gmail API and passed to the agent without sanitization or instruction-filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 05:49 AM