gws-gmail-triage

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gws command-line tool to interact with Gmail APIs. This is a legitimate vendor-provided tool (Google Workspace CLI) required for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays untrusted content from email subjects and senders.
      • Ingestion points: Gmail message metadata (sender, subject) ingested via the gws tool in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill markdown.
      • Capability inventory: The skill is limited to reading and displaying email summaries; it does not have write or delete capabilities.
      • Sanitization: No sanitization or filtering of email content is performed before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 12:48 AM