inbox-triage
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill classifies and displays unread emails, including sender information and subjects, which are sourced from external entities. This creates an indirect prompt injection surface where a malicious sender could include instructions in the email subject or name to manipulate the agent's triage behavior.\n
- Ingestion points:
_cmd_classifyinsrc/inbox_triage/cli.pyreads Gmail search results from stdin.\n - Boundary markers: None. Email metadata is directly interpolated into the markdown summary.\n
- Capability inventory:
subprocess.runinsrc/inbox_triage/cli.pyis used to executegogcommands for modifying email threads.\n - Sanitization: None detected for email subject or sender fields.\n- [COMMAND_EXECUTION]: The
archivecommand insrc/inbox_triage/cli.pyexecutes thegogutility usingsubprocess.run.\n - Evidence: The code constructs a command string and uses
cmd.split()to pass it as an argument list. Whileshell=Trueis not enabled, the skill relies on the externalgogtool to perform actions on the user's Gmail account.
Audit Metadata