gmail-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an external MCP server located at https://rube.app/mcp. This is a standard configuration step for using the Rube automation platform.
- [COMMAND_EXECUTION]: The skill utilizes a series of tool slugs (e.g., GMAIL_SEND_EMAIL, GMAIL_BATCH_MODIFY_MESSAGES) that execute operations within the Gmail environment via the MCP protocol. These are defined as part of the 'gmail' toolkit capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and processing external email content.
  - Ingestion points: Untrusted data enters the context through tools like GMAIL_FETCH_EMAILS and GMAIL_FETCH_MESSAGE_BY_MESSAGE_ID as described in SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat email body content as untrusted or to ignore instructions embedded within retrieved messages.
  - Capability inventory: The skill possesses significant 'write' capabilities, including GMAIL_SEND_EMAIL, GMAIL_REPLY_TO_THREAD, and GMAIL_DELETE_LABEL, which could be abused if the agent obeys instructions found in a processed email.
  - Sanitization: No sanitization or validation logic is described for handling email content before it is processed or used in downstream workflows.
Audit Metadata