The Agent Skills Directory

[COMMAND_EXECUTION]: The script executes a local CLI tool named 'gws' using Process.run. This is the intended mechanism for the skill to access the user's Gmail data through an established command-line interface. The arguments passed to 'gws' are static or derived from internal query strings, posing no injection risk.
[DATA_EXFILTRATION]: The skill processes sensitive information (email snippets and bodies) but does not contain any network-facing code (curl, http, etc.) to send this data to an external server. All analysis and summarization occur within the local Dart process.
[OBFUSCATION]: The code contains a .replaceAll('\u200b', '') call which explicitly removes zero-width spaces from email content before processing. This is a common sanitization step to ensure regex matching works correctly on emails that may contain hidden formatting characters, rather than an attempt to hide malicious logic.
[REMOTE_CODE_EXECUTION]: There are no patterns of downloading and executing remote scripts or installing untrusted third-party dependencies from the internet.

bambu-filament-tracker