Skills
skills/aws-samples/sample-strands-agent-with-agentcore/gmail/Gen Agent Trust Hub

gmail

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the handling of external email content.
  • Ingestion points: The tools read_email, get_email_thread, and search_emails ingest untrusted data from email bodies and metadata (SKILL.md).
  • Boundary markers: There are no instructions or delimiters defined to isolate processed email content or to instruct the agent to ignore instructions embedded within messages.
  • Capability inventory: The skill provides high-privilege tools such as send_email, delete_email, and bulk_delete_emails which could be abused if an injection is successful (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering logic to prevent the agent from acting on malicious commands contained in incoming emails.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:09 AM