email-triage
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted email content from external senders.
  1. Ingestion points: Messages are fetched using `gmail_read_message` and `gmail_read_thread`.
  2. Boundary markers: Email content is processed without explicit delimiters to separate it from instructions.
  3. Capability inventory: The skill can prepare messages using `gmail_create_draft`.
  4. Sanitization: No sanitization of the email body is performed.

  This vulnerability is inherent to email automation and is mitigated here by the requirement for human review.
Audit Metadata