gws-hebrew-email-automation
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@googleworkspace/clipackage via npm to facilitate communication with the Gmail API. - [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the
gwsCLI, process data withjq, and execute a bundled Python script (scripts/shekel-formatter.py) for currency formatting. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the user's Gmail inbox.
- Ingestion points: Commands such as
gws gmail +triageandgws gmail users messages list(found inSKILL.md) retrieve unread email content into the agent's context. - Boundary markers: No specific delimiters or instructions to ignore embedded commands within email bodies are provided.
- Capability inventory: The skill has access to bash execution (
Bash), file writing (Write), and file editing (Edit), allowing for a variety of automated actions. - Sanitization: No evidence of sanitization or validation of the incoming email content is present before it is processed by the agent.
Audit Metadata