gmail
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Instructs the user to install the @membranehq/cli package globally via npm. This package is the official command-line interface for the skill's vendor.
- [COMMAND_EXECUTION]: The agent is instructed to use the membrane command-line tool to perform actions such as send-message, delete-message, and modify-message-labels.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data.
  * Ingestion points: Data is ingested from Gmail messages and threads via the get-message and get-thread actions defined in SKILL.md.
  * Boundary markers: There are no instructions or delimiters defined to prevent the agent from following commands embedded within the emails it reads.
  * Capability inventory: The skill includes powerful capabilities such as sending emails (send-message) and deleting threads (delete-thread) as listed in SKILL.md.
  * Sanitization: The documentation does not specify any sanitization, filtering, or validation steps for the content retrieved from the Gmail API.
Audit Metadata