Skills
skills/googleworkspace/cli/gws-gmail-forward/Gen Agent Trust Hub

gws-gmail-forward

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gws CLI tool to forward emails, which is a resource provided by the vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  • Ingestion points: The skill ingests untrusted data from the body of Gmail messages accessed via the --message-id flag.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard instructions contained within the ingested email content.
  • Capability inventory: The skill possesses the ability to send emails to any recipient and include local file attachments, which could be exploited if an injection occurs.
  • Sanitization: The instructions do not include any steps for sanitizing or validating the contents of the email body before it is forwarded.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 07:12 PM