gog-inbox-triage
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows industry best practices for secure integration with third-party messaging services.
- [INDIRECT_PROMPT_INJECTION]: The skill addresses the ingestion of untrusted email content with a comprehensive evidence chain.
- Ingestion points: The skill retrieves search results and thread content from Gmail in SKILL.md.
- Boundary markers: Commands in SKILL.md use the --wrap-untrusted flag and the prompt includes a specific warning to treat message content as untrusted.
- Capability inventory: The skill restricts its power to read-only mode and prevents message sending during triage using --readonly and --gmail-no-send flags.
- Sanitization: The skill uses the --sanitize-content flag in SKILL.md to filter potentially malicious content from thread data.
Audit Metadata