gmail
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill explicitly directs the storage and access of sensitive OAuth credentials and authentication tokens in the
~/.gmail_credentials/directory. Accessing and managing these secrets is a sensitive data operation. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. 1. Ingestion points: Fetches untrusted data from email subjects, snippets, and bodies (via
scripts/gmail_search.py). 2. Boundary markers: Uses Markdown headers and blockquotes for output, but lacks explicit delimiters or warnings to ignore instructions embedded in email content. 3. Capability inventory: The skill can read emails, download attachments to the local filesystem, and modify email labels. 4. Sanitization: No sanitization or filtering of email content is documented. - [NO_CODE] (SAFE): The logic file
scripts/gmail_search.pyis referenced but not provided in the skill package, limiting the audit to instructional content. - [EXTERNAL_DOWNLOADS] (SAFE): The skill requires standard Google API libraries which are considered trusted sources.
Audit Metadata