recipe-save-email-attachments
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill describes a legitimate automation workflow using the official Google Workspace CLI tool.
- [SAFE]: All operations are performed within the vendor's ecosystem, with no evidence of data exfiltration or unauthorized network calls.
- [SAFE]: No hardcoded credentials or sensitive local file access issues were identified.
- [PROMPT_INJECTION]: The skill retrieves untrusted data from emails which is an inherent surface for indirect prompt injection. However, since this is essential to its primary purpose and no malicious patterns are present, the risk is considered acceptable. Ingestion points: Gmail message retrieval in SKILL.md; Boundary markers: None; Capability inventory: File upload to Drive in SKILL.md; Sanitization: None.
Audit Metadata