process-email-bookmarks

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external emails and websites.
      • Ingestion points: Untrusted content is ingested via the gog gmail thread get command (SKILL.md) and the WebFetch tool.
      • Boundary markers: There are no delimiters or protective instructions provided to the agent to treat external content as data rather than instructions.
      • Capability inventory: The skill has access to the Bash tool, enabling it to execute gog (for Gmail management) and obsidian (for file system modifications).
      • Sanitization: The instructions do not include logic for sanitizing or validating URLs, titles, or descriptions extracted from external sources before they are used in commands.
  • [EXTERNAL_DOWNLOADS]: Uses the WebFetch tool to download content from arbitrary URLs extracted from email bodies.
  • [COMMAND_EXECUTION]: Executes shell commands via the Bash tool using local utilities gog and obsidian to process data and update the user's notes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 04:22 PM