Skills
skills/terrylica/cc-skills/gmail-access/Gen Agent Trust Hub

gmail-access

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of external, untrusted emails. This could allow an attacker to send an email containing malicious instructions that the agent might execute.
  • Ingestion points: Gmail message bodies and search results accessed via the read, list, and search commands in SKILL.md.
  • Boundary markers: Absent; there are no instructions to delimit or ignore instructions within email content.
  • Capability inventory: The agent has access to Bash, Write, Read, Grep, Glob, and AskUserQuestion tools.
  • Sanitization: Absent; content is read and displayed directly into the agent context.
  • [EXTERNAL_DOWNLOADS]: The skill setup process involves running bun install to fetch dependencies from external registries to build the Gmail CLI tool.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool extensively to execute the gmail CLI, perform account verification tests, and manage the local environment.
  • [REMOTE_CODE_EXECUTION]: The build and initialization process (bun run build) involves executing code from downloaded packages to generate the final CLI binary.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:19 AM