gws-gmail-read
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from Gmail messages, creating a surface for indirect prompt injection.
- Ingestion points: Gmail message bodies and headers read via
gws gmail +read(SKILL.md). - Boundary markers: Absent. There are no delimiters or warnings to ignore instructions within the email content.
- Capability inventory: Reading and formatting private email data (SKILL.md).
- Sanitization: Automatically handles base64 decoding and HTML-to-text conversion but does not filter for potential malicious instructions (SKILL.md).
Audit Metadata