gmail-label
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted email content during the classification process.
- Ingestion points: The
scripts/gmail_label_fetch.pyscript retrieves email subjects and snippets from the Gmail API and stores them in a JSON file for processing. - Boundary markers: The subagent prompt described in
SKILL.mdlacks delimiters or specific instructions to ignore embedded commands within the ingested email snippets. - Capability inventory: The skill possesses the capability to modify Gmail account data by creating and applying labels via
scripts/gmail_label_apply.py. - Sanitization: There is no evidence of sanitization or filtering of the email metadata before it is used for AI-driven classification.
Audit Metadata