gws-gmail-watch
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a standard configuration for the 'gws' utility, providing expected functionality for Google Workspace management without suspicious behavior or hardcoded credentials.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it ingests untrusted data from email messages. 1. Ingestion points: Gmail message bodies and metadata retrieved via Pub/Sub. 2. Boundary markers: No delimiters or protective instructions are added to the email content before processing. 3. Capability inventory: The skill provides read-only monitoring of emails and the ability to write output to a local directory. 4. Sanitization: No sanitization of the email content is performed by the skill itself.
Audit Metadata