recipe-forward-labeled-emails
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing external email content and passing it to a mail-sending tool without sanitization or boundary markers. This vulnerability is noted as a risk factor inherent to the skill's primary purpose.
- Ingestion points: Email content is retrieved using
gws gmail users messages getin SKILL.md. - Boundary markers: No markers are used to separate untrusted content from the system prompt or tool arguments.
- Capability inventory: The skill utilizes the
gws gmail +sendcapability in SKILL.md. - Sanitization: No content validation or escaping is performed on the data.
- [NO_CODE]: This skill is a 'recipe' consisting of documentation and instructions rather than executable code files, which minimizes the attack surface.
- [SAFE]: The tools and binaries referenced (
gws) are standard utilities associated with the skill's author.
Audit Metadata