gog-inbox-triage

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows industry best practices for secure integration with third-party messaging services.
  • [INDIRECT_PROMPT_INJECTION]: The skill addresses the ingestion of untrusted email content with a comprehensive evidence chain.
  • Ingestion points: The skill retrieves search results and thread content from Gmail in SKILL.md.
  • Boundary markers: Commands in SKILL.md use the --wrap-untrusted flag and the prompt includes a specific warning to treat message content as untrusted.
  • Capability inventory: The skill restricts its power to read-only mode and prevents message sending during triage using --readonly and --gmail-no-send flags.
  • Sanitization: The skill uses the --sanitize-content flag in SKILL.md to filter potentially malicious content from thread data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:28 PM
Security Audit — agent-trust-hub — gog-inbox-triage