gws-gmail
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'gws' binary to perform operations on Gmail resources such as messages, threads, and drafts. This is the documented and intended use of the Google Workspace CLI tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources. 1. Ingestion points: 'messages', 'threads', and 'drafts' resources defined in SKILL.md. 2. Boundary markers: None identified in this configuration file. 3. Capability inventory: Execution of CLI commands via 'gws' subprocesses. 4. Sanitization: No explicit sanitization or filtering is defined in the skill documentation. This represents a standard attack surface for communication-based AI agents.
Audit Metadata