recipe-draft-email-from-doc
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'gws' (Google Workspace) command-line tool to retrieve document content and send emails. This is standard functionality for the 'googleworkspace' author's ecosystem.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes content from an external source and passes it to a communication tool.
- Ingestion points: 'gws docs documents get' retrieves content from a Google Doc as specified in 'SKILL.md'.
- Boundary markers: Absent. Document content is passed directly to the email command's body parameter without delimiters.
- Capability inventory: Includes the 'gws gmail +send' command, which allows for outbound communication.
- Sanitization: No sanitization, escaping, or 'ignore instructions' warnings are present to mitigate potential malicious content in the source document.
Audit Metadata