gmail
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) by ingesting untrusted data from external sources and providing access to sensitive tools.
  - Ingestion points: The tools `read_email`, `list_emails`, `search_emails`, and `get_email_thread` fetch content from the user's Gmail mailbox, which contains messages from external, untrusted senders (SKILL.md).
  - Boundary markers: There are no instructions or delimiters defined to separate untrusted email content from the agent's core instructions, increasing the risk of the agent obeying commands embedded in emails.
  - Capability inventory: The skill provides powerful write and delete capabilities, including `send_email`, `delete_email`, and `bulk_delete_emails`, which could be abused if an injection is successful (SKILL.md).
  - Sanitization: The documentation does not describe any sanitization or validation of the ingested email bodies or subjects to prevent instruction injection.
Audit Metadata