gmail-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the use of an external MCP server at https://rube.app/mcp to provide its Gmail automation capabilities. This reference to an external service provider is a standard dependency for the tool's functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and acts upon external data from email threads. Ingestion points: The agent ingests untrusted data from email bodies via the GMAIL_FETCH_EMAILS and GMAIL_FETCH_MESSAGE_BY_MESSAGE_ID tools. Boundary markers: The skill does not provide instructions for using delimiters or boundary markers to distinguish email content from system instructions. Capability inventory: The skill possesses high-privilege capabilities, including sending new emails (GMAIL_SEND_EMAIL), replying to threads (GMAIL_REPLY_TO_THREAD), and bulk-modifying messages (GMAIL_BATCH_MODIFY_MESSAGES). Sanitization: No sanitization or validation logic is specified for the content retrieved from external email messages before it is processed by the agent.
Audit Metadata