gws-gmail-reply-all
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'gws' binary to perform Gmail reply actions, which is standard behavior for this vendor's ecosystem.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing external email data. 1. Ingestion points: '--body' and '--message-id' flags in SKILL.md. 2. Boundary markers: None present. 3. Capability inventory: Command execution via 'gws' CLI. 4. Sanitization: None present.
Audit Metadata