gmail
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill relies on the
gogCLI tool (v0.10.0) to perform all actions. This is the intended design, but it grants the agent the ability to execute shell commands with arguments derived from user input or external data (like email subjects or IDs). - [DATA_EXFILTRATION] (LOW): The skill has the capability to read sensitive email content and send it to external addresses via
gog gmail send. Because this is the primary stated purpose of the skill, the severity is downgraded from HIGH to LOW per the [TRUST-SCOPE-RULE]. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests and processes untrusted data from external sources.
- Ingestion points: Email bodies, thread content, and attachment names retrieved via
gog gmail get,gog gmail search, andgog gmail messages(SKILL.md). - Boundary markers: Absent. The skill does not define delimiters or provide instructions to the agent to ignore commands embedded within the emails it reads.
- Capability inventory: The agent can send emails (
gog gmail send), download files (gog gmail attachment), and modify/delete message labels (gog gmail thread modify) (SKILL.md). - Sanitization: Absent. No logic is provided to sanitize or filter the content of retrieved emails before the agent processes them.
Audit Metadata