bambu-filament-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/tracker.dart` executes the `gws` command-line utility to perform searches and retrieve message contents from Gmail using the `gmail users messages` subcommands.
- [PROMPT_INJECTION]: The skill processes untrusted external data (Gmail emails) which creates a surface for indirect prompt injection.
  - Ingestion points: Email snippets and bodies are retrieved and parsed in `scripts/tracker.dart` to identify filament purchases.
  - Boundary markers: None identified; however, the data is processed locally by a script via regular expressions rather than being passed directly into an LLM prompt as instructions.
  - Capability inventory: The script has the ability to read emails via the `gws` tool but does not possess destructive or outbound network capabilities.
  - Sanitization: The script cleans zero-width spaces using `.replaceAll('\u200b', '')` and uses strict regular expressions to extract specific numerical currency patterns, which limits the risk of arbitrary instruction execution.
- [SAFE]: The skill's operations are transparent and consistent with its documentation. No evidence of credential theft, hidden code, or unauthorized data exfiltration was found. It requires legitimate `gmail.readonly` permissions to function.