gmail-access
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires several shell commands for environment setup, building the project with Bun, and running the Gmail CLI binary.
- [EXTERNAL_DOWNLOADS]: The 'bun install' command downloads Node.js dependencies from the public NPM registry during the setup phase.
- [REMOTE_CODE_EXECUTION]: The skill triggers a build and execution process for a custom CLI from a local directory path; however, the source code for this CLI is not provided in the analyzed files, making its behavior unverifiable.
- [DATA_EXFILTRATION]: The tool is designed to read sensitive Gmail messages, search inboxes, and access 1Password items, exposing this sensitive data to the agent's context.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the context from Gmail emails via list, search, and read operations.
  - Boundary markers: None are specified to prevent the agent from following instructions found within emails.
  - Capability inventory: The agent has access to powerful tools including Bash and Write.
  - Sanitization: No sanitization or filtering of email content is performed.