skills/openclaw/gogcli/gog-gmail/Gen Agent Trust Hub

gog-gmail

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies the surface for indirect prompt injection via external email content and proactively mitigates it by instructing the agent to use the --wrap-untrusted flag when reading message data. This ensures the agent distinguishes between system instructions and untrusted data.
  • [COMMAND_EXECUTION]: Interactions with the Gmail API are performed through the gog CLI. The instructions enforce safety protocols including explicit account targeting with --account, read-only access for queries via --readonly, and verification of mutations using the --dry-run flag.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were found. The skill uses standard CLI tools to access data from a specific provider (Google/Gmail) and includes instructions to use --json for structured, machine-readable output without sending data to unknown third-party domains.
  • [NO_CODE]: The skill contains no executable scripts or source code files, relying entirely on natural language instructions to drive an existing external CLI tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:28 PM
Security Audit — agent-trust-hub — gog-gmail