gmail
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires installing
google-auth,google-auth-oauthlib, andgoogle-api-python-client. These are official, trusted libraries from Google, which downgrades the severity. - [COMMAND_EXECUTION] (LOW): The skill uses shell commands to run local Python scripts (
gmail_operations.py,google_auth.py) for Gmail interactions. This is the intended primary behavior of the skill. - [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface (Category 8) because it reads and processes email bodies which can contain untrusted content from external senders. Evidence Chain: 1. Ingestion points: Email data is ingested via the
readandsearchfunctions ingmail_operations.py. 2. Boundary markers: There are no technical delimiters in the command-line arguments to isolate email content, though the skill provides 'CRITICAL SAFETY RULES' for the agent's logic. 3. Capability inventory: The skill has the ability to send, reply to, and delete emails. 4. Sanitization: No sanitization or escaping of the email content is documented before it is processed by the agent.
Audit Metadata