google-gmail
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the Google Workspace CLI (@googleworkspace/cli) from the official npm registry. This is a well-known tool for managing Google services.- [PROMPT_INJECTION]: Ingests untrusted external data from email bodies and metadata, creating a surface for indirect prompt injection.
- Ingestion points: Reads email snippets, message bodies, and thread contents via the Gmail REST API as described in SKILL.md.
- Boundary markers: Explicitly instructs the agent to show the user the exact target or draft and request confirmation before any destructive writes or outbound emails.
- Capability inventory: Includes network access via curl, shell command execution via Bash, and file system writes for attachment downloads.
- Sanitization: Employs jq for structured parsing of JSON responses from the Gmail API, which helps mitigate data formatting risks.
Audit Metadata