gmail-inbox
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via incoming email content.
- Ingestion points: The
scripts/gmail_unified.pyscript retrieves and processes email subjects, snippets, and full message bodies. - Boundary markers: No boundary markers or 'ignore' instructions are implemented to prevent the agent from interpreting instructions found within emails.
- Capability inventory: The skill includes the ability to send emails, reply to messages, and create or modify account filters (
scripts/gmail_unified.py,scripts/gmail_create_filters.py). - Sanitization: There is no evidence of sanitization for email content before it is presented to the agent.
- [CREDENTIALS_UNSAFE]: The skill manages highly sensitive authentication assets.
- Evidence: The scripts and documentation reference local storage and retrieval of
credentials.jsonandtoken_*.jsonfiles. These files contain the necessary secrets and tokens to access a user's complete Google account. - Least Privilege: The OAuth scopes requested include full access to Google Drive and Google Sheets (
scripts/gmail_auth.py), which may be unnecessary for the primary goal of Gmail management.
Audit Metadata