gws-hebrew-email-automation

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @googleworkspace/cli package via npm to facilitate communication with the Gmail API.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the gws CLI, process data with jq, and execute a bundled Python script (scripts/shekel-formatter.py) for currency formatting.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the user's Gmail inbox.
  • Ingestion points: Commands such as gws gmail +triage and gws gmail users messages list (found in SKILL.md) retrieve unread email content into the agent's context.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within email bodies are provided.
  • Capability inventory: The skill has access to bash execution (Bash), file writing (Write), and file editing (Edit), allowing for a variety of automated actions.
  • Sanitization: No evidence of sanitization or validation of the incoming email content is present before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:15 PM
Security Audit — agent-trust-hub — gws-hebrew-email-automation