skills/kadel/claude-plugins/gws-gmail/Gen Agent Trust Hub

gws-gmail

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gws CLI to interact with Gmail services. It provides various helper commands like +send, +read, and +watch that translate into shell commands executed on the host system.
  • [DATA_EXFILTRATION]: The skill is designed to read and send data (emails), which is its primary function. While it has the capability to access sensitive mailbox information and transmit it externally, it includes explicit instructions for the agent to confirm write or delete actions with the user and avoid outputting secrets directly.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (the bodies of incoming emails) through reading and watching functions.
      • Ingestion points: +read, +triage, and +watch commands in SKILL.md retrieve message bodies and headers from the Gmail API.
      • Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within email text.
      • Capability inventory: The agent has access to file system writes via the --output-dir flag in the +watch command and general shell execution through the gws CLI.
      • Sanitization: No explicit sanitization or filtering of the email content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 03:46 PM