Email Send-as-Rep

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill implements high-standard PII protection by only storing SHA-256 hashes of email bodies in audit logs and masking email addresses in error logs. OAuth tokens and refresh tokens are described as encrypted at rest and never logged in plaintext.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with well-known and trusted technology services including Google (Gmail API) and Microsoft (Graph API) for its core functionality. These interactions are documented and follow official authentication protocols.
  • [COMMAND_EXECUTION]: Outbound network operations (API calls) are strictly guarded by an architectural requirement for human approval. The skill includes a non-optional 10-to-30-second undo window after approval is granted to allow for cancellation before execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection by processing external email thread history and CRM data. This risk is effectively mitigated by mandatory human review of all generated content, explicit HTML sanitization rules (stripping scripts/iframes), and the absence of any 'auto-approve' or 'skip-approval' pathways.
      • Ingestion points: Email thread content (via thread_id) and CRM contact records are loaded into the agent context in SKILL.md (Sources 3 and 4).
      • Boundary markers: Semantic boundaries are maintained via the mandatory Slack/chat preview-and-approve flow where the user acts as the final validator.
      • Capability inventory: Uses gmail_send and email capabilities for authenticated message delivery.
      • Sanitization: Implements HTML sanitization by stripping <script> tags, onclick attributes, and javascript: protocols as specified in the email composition reference.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 11:37 AM