The Agent Skills Directory

Prompt Injection (LOW): Detected an indirect prompt injection surface due to the ingestion and processing of untrusted external data from Gmail.
Ingestion points: The scripts read_email.py and search_emails.py retrieve raw email content from the user's inbox.
Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its system instructions and the content within the retrieved emails.
Capability inventory: The skill possesses the ability to execute Python scripts, read full email contents, and perform write operations like creating drafts and archiving messages.
Sanitization: No sanitization, escaping, or validation of email body content is implemented before the data enters the agent's context.

gmail-integration