parcel-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted external data.
- Ingestion points: The skill searches for and reads the contents of emails in the user's Gmail account and scrapes data from third-party carrier tracking websites.
- Boundary markers: There are no explicit instructions or delimiters used to separate untrusted external content from the agent's core logic, nor are there warnings to ignore embedded instructions within that content.
- Capability inventory: The skill utilizes high-privilege capabilities including Gmail access (via MCP or CLI tools), web scraping, and browser automation.
- Sanitization: The instructions do not specify any validation or sanitization of the data retrieved from emails or websites before it is used to generate the final response.
- [COMMAND_EXECUTION]: To retrieve parcel information, the skill instructions include the use of command-line interface tools like
gws(e.g.,gws gmail), which involves the execution of local system commands to access user data.
Audit Metadata