gmail
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands (`curl`) and text processing utilities (`printf`, `base64`, `tr`, `jq`) to perform operations. These commands interact with Google's official Gmail API endpoints at `gmail.googleapis.com` to read, write, and delete user data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external email messages.
  - Ingestion points: Email content, subjects, and metadata are fetched from the Gmail API (documented in `SKILL.md`).
  - Boundary markers: Absent; there are no instructions provided to the agent to treat fetched email content as untrusted data or to use delimiters.
  - Capability inventory: The skill possesses significant capabilities, including reading emails, sending new messages, deleting content, and modifying account settings (filters, vacation replies).
  - Sanitization: No sanitization or filtering of the fetched data is performed before it is presented to the agent context.
Audit Metadata