gmail-multi-inbox

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection through processed email data.
      • Ingestion points: The skill uses search_gmail_messages to scan the user's mailbox (promotions, updates, forums) to discover senders. It also allows users to paste existing Apps Scripts for parsing.
      • Boundary markers: Absent. There are no instructions or delimiters provided to the agent to distinguish between valid email metadata and potentially malicious instructions embedded in email subjects, bodies, or the pasted script content.
      • Capability inventory: The skill has the capability to write local files (assets/config.json) and generate executable JavaScript code (gmail-multi-inbox-setup.js) for the Google Apps Script environment.
      • Sanitization: Absent. The instructions do not specify validation or sanitization of the extracted sender domains or the content parsed from existing scripts before using them to generate new code.
  • COMMAND_EXECUTION (SAFE): The skill generates code intended for manual execution by the user in the Google Apps Script environment. It does not attempt to execute arbitrary commands on the local host system.
  • DATA_EXFILTRATION (SAFE): While the skill accesses sensitive Gmail data, the processing is performed to generate local configuration and setup files. No network exfiltration patterns to non-whitelisted domains were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 02:37 PM