email-drafting
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes `python3` to execute a local audit log script (audit_log.py). It passes data derived from external sources, such as email subjects and recipients, as command-line arguments. This presents a risk of command injection if the input is not properly sanitized before being executed in a shell environment.
- [DATA_EXFILTRATION]: The skill accesses sensitive local files, including `~/executive-assistant-skills/config/user.json`, which contains email addresses, scheduling contacts, and signatures. While this is part of its functionality as an executive assistant, the access to local configuration files is a sensitive operation.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes untrusted data from external sources.
  - Ingestion points: Reads email thread content from Gmail and meeting transcripts via the `mcporter` tool.
  - Boundary markers: Absent. The skill does not define delimiters or specific instructions to ignore embedded commands within the emails or transcripts it processes.
  - Capability inventory: The skill can create Gmail drafts, complete Todoist tasks, and execute local Python scripts via subprocess calls.
  - Sanitization: Absent. There is no instruction to sanitize or validate the content retrieved from external sources before using it to generate drafts or passing it to the audit logging script.
Audit Metadata