add-gmail

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Instruction to copy/paste content into terminal detected

All findings:
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] (reported 10 times)

This skill's stated purpose (Gmail integration) matches the capabilities described, but the implementation guidance contains multiple supply-chain and operational security risks. The main concerns: executing an unpinned third-party npm package via npx (code-execution and supply-chain risk), instructing users to bypass Google unverified-app warnings, and mounting writable host OAuth credentials into a container where agent code can access them. These create realistic credential-exposure and remote-code-execution risks if the MCP package or the containerized agent is compromised or malicious.

I do not see direct evidence of intentional malware in the provided document, but the instructions are risky and would be considered suspicious in a supply-chain review without further controls (pin versions, audit MCP package source, restrict OAuth scopes, use read-only token storage or scoped service accounts where possible, require manual approval for outbound emails).

LLM verification: The Gmail integration concept is sound but requires stronger security controls and supply-chain safeguards to be production-ready. Without these, the risk remains moderate to high for credential exposure and reliance on external code. Implement recommended mitigations before broad deployment.

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 01:02 PM
Package URL: pkg:socket/skills-sh/creatuluw%2Fnanoclaw%2Fadd-gmail%2F@4702f55e214c3cfde4ff67e13a5cc70c85cca638