gog-gmail
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies the surface for indirect prompt injection via external email content and proactively mitigates it by instructing the agent to use the
--wrap-untrustedflag when reading message data. This ensures the agent distinguishes between system instructions and untrusted data. - [COMMAND_EXECUTION]: Interactions with the Gmail API are performed through the
gogCLI. The instructions enforce safety protocols including explicit account targeting with--account, read-only access for queries via--readonly, and verification of mutations using the--dry-runflag. - [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were found. The skill uses standard CLI tools to access data from a specific provider (Google/Gmail) and includes instructions to use
--jsonfor structured, machine-readable output without sending data to unknown third-party domains. - [NO_CODE]: The skill contains no executable scripts or source code files, relying entirely on natural language instructions to drive an existing external CLI tool.
Audit Metadata