skills/vm0-ai/vm0-skills/gmail/Gen Agent Trust Hub

gmail

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses standard shell utilities including curl, jq, base64, and printf to interact with the Gmail REST API and process email data. It creates temporary JSON payload files in /tmp/ to facilitate API requests.
  • [DATA_EXFILTRATION]: Accesses sensitive mailbox content and user profile data from gmail.googleapis.com. This is the primary intended function of the skill and uses the GMAIL_TOKEN secret managed via the environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted external data from email bodies and subjects.
      • Ingestion points: Reads email content, metadata, and attachments via messages.get and threads.get endpoints in SKILL.md.
      • Boundary markers: None present; content is processed directly for display or further action.
      • Capability inventory: Includes high-privilege operations such as sending emails (messages.send), permanent deletion (messages.delete), and modifying vacation/filter settings (settings.vacation, settings.filters).
      • Sanitization: None detected; the skill relies on the underlying agent's safety layers to distinguish between email content and instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 05:13 PM