email-unsubscribe-check
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly instructs the agent to retrieve and use credentials from a password manager to log into external services.
- Evidence: 'Log in using credentials from pass if needed'. Accessing a system password store to authenticate on websites the agent finds in emails is a high-risk credential exposure finding.
- [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface by reading untrusted data (emails) and using that data to drive high-privilege tools (Browser, Gmail API).
- Ingestion points: 'Search recent inbox emails' and 'Read the email via Gmail MCP'.
- Boundary markers: None. There are no instructions to sanitize or ignore instructions embedded in the emails or on the target landing pages.
- Capability inventory: Navigate to URLs, click buttons (DevTools MCP), create Gmail filters, and modify/delete emails (Gmail MCP).
- Sanitization: None. The agent is directed to follow links and interact with the DOM of external sites based on email contents.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes browser automation to perform clicks and form submissions on arbitrary external websites discovered in user emails.
- Evidence: 'Navigate to the URL with Chrome DevTools MCP... find the confirmation button/checkbox... Click through to complete the unsubscribe'. This allows untrusted email senders to potentially direct the agent's browser to perform unintended actions.
Recommendations
- AI detected serious security threats
Audit Metadata