gws-gmail-send

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gws command-line tool, which is a vendor-owned resource for Google Workspace operations. This is the intended behavior of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes arbitrary text in the email body.
      • Ingestion points: The --body flag in the gws gmail +send command accepts user-defined or externally-sourced text.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the body text are provided.
      • Capability inventory: The skill has the capability to perform network operations (sending emails) via the gws binary.
      • Sanitization: No specific sanitization or escaping mechanisms for the email body content are mentioned, although the tool handles standard RFC 2822 formatting.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 10:49 PM