gws-gmail-triage
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'gws' binary to interact with Gmail. This command-line tool is a resource associated with the author 'googleworkspace' and is used for its intended administrative purpose.
- [PROMPT_INJECTION]: The skill handles untrusted data from email subjects and senders, creating a surface for indirect prompt injection. 1. Ingestion points: Gmail header metadata fetched via the 'gws gmail +triage' command. 2. Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands within the fetched email data. 3. Capability inventory: The skill possesses the capability to execute commands via the 'gws' CLI. 4. Sanitization: There is no evidence of sanitization or filtering of the email content before it is processed by the agent.
Audit Metadata