Skills
skills/prashaantr/teach-claude-something-new/composio-gmail/Gen Agent Trust Hub

composio-gmail

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell environment tools including curl and jq to perform authenticated API requests to the Composio backend. Evidence of this behavior is found in the core execution patterns of both SKILL.md and references/actions.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ability to read external data from a user's Gmail inbox.
  • Ingestion points: The skill retrieves external data through the GMAIL_LIST_MESSAGES and GMAIL_GET_MESSAGE actions defined in references/actions.md.
  • Boundary markers: Absent. The implementation lacks markers (such as XML tags or clear boundaries) or explicit instructions to the agent to ignore commands that may be embedded in email bodies.
  • Capability inventory: The skill provides sensitive capabilities including sending emails (GMAIL_SEND_EMAIL), modifying message labels (GMAIL_MODIFY_MESSAGE), and deleting messages (GMAIL_DELETE_MESSAGE), which could be misused if the agent is manipulated by injected instructions.
  • Sanitization: Absent. The raw content of emails is retrieved from the Composio API and passed into the agent's context without filtering or validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:02 AM