gmail-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill connects to a third-party domain https://rube.app/mcp to function as an MCP server. This routes agent interactions and potentially sensitive email metadata through an external service not included in the trusted vendors list.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external, untrusted content from emails.
  - Ingestion points: Untrusted data is ingested via tools such as GMAIL_FETCH_EMAILS, GMAIL_FETCH_MESSAGE_BY_MESSAGE_ID, and GMAIL_GET_ATTACHMENT.
  - Boundary markers: The skill lacks instructions for using delimiters or boundary markers to prevent the agent from obeying commands embedded within email bodies.
  - Capability inventory: The skill provides access to powerful tools including GMAIL_SEND_EMAIL, GMAIL_REPLY_TO_THREAD, GMAIL_DELETE_LABEL, and GMAIL_BATCH_MODIFY_MESSAGES.
  - Sanitization: No input validation or sanitization of email content is performed before the data is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill directs the user to add an external dependency in the form of a remote MCP server located at https://rube.app/mcp.
Audit Metadata