gws-workflow-email-to-task
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'gws' binary to perform Google Workspace operations. This is the intended behavior and uses a vendor-owned CLI tool.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing content from external Gmail messages.
- Ingestion points: The skill reads the subject and snippet of emails based on the provided message ID.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are defined in the skill.
- Capability inventory: The skill interacts with the user's environment via the 'gws' command-line tool.
- Sanitization: No sanitization of the email content is documented in the skill file.
Audit Metadata