gmail-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill employs official Google Workspace tools for searching and archiving emails and uploading files to Google Drive. These operations are entirely consistent with the primary purpose of email and file management.\n- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it processes untrusted data from external email subjects and attachments. Ingestion points: Data is ingested via the gmail_search and gmail_get_attachments tools in the MCP server. Boundary markers: The example configurations do not include delimiters or instructions for the agent to ignore commands embedded in the email content. Capability inventory: The skill has the ability to write to Google Drive (gdrive_upload) and modify email labels (gmail_apply_label). Sanitization: No explicit sanitization or validation of the processed email text or attachment metadata is shown in the logic.
Audit Metadata