google-gmail

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to gmail.googleapis.com to retrieve and send email data. These operations target a well-known, trusted service provider.
  • [COMMAND_EXECUTION]: Local commands including curl, jq, and python3 are used to handle HTTP requests and format data. The Python execution is limited to base64 encoding and JSON construction for API compatibility.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading content from external emails.
      • Ingestion points: Email snippets, subjects, and bodies fetched via the Gmail API.
      • Boundary markers: No delimiters or ignore-instructions markers are used when presenting email content to the agent.
      • Capability inventory: The skill can list, read, search, and send messages via the Gmail API.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from email messages before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 05:14 AM