recipe-save-email-attachments
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill facilitates legitimate data movement between Google Workspace services using the 'gws' utility. No malicious behaviors such as credential theft or unauthorized exfiltration were found.\n- [NO_CODE]: No executable scripts or binaries are bundled with the skill. The functionality relies on external binaries ('gws') and pre-existing skills ('gws-gmail', 'gws-drive').\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data (email content and attachments) and having write capabilities (Google Drive upload). This is inherent to its primary purpose.\n
- Ingestion points:
gws gmailcommands for listing and getting messages/attachments (SKILL.md)\n - Boundary markers: Not present\n
- Capability inventory:
gws drive +upload(SKILL.md)\n - Sanitization: None detected in the instructional steps
Audit Metadata