Skills
skills/wadewarren/gws-claude-plugin/gws-gmail-reply/Gen Agent Trust Hub

gws-gmail-reply

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the gws command-line interface to perform Gmail operations as described in the metadata and usage examples.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it processes email content from potentially untrusted sources.
  • Ingestion points: The --body flag in SKILL.md receives arbitrary text that may contain malicious instructions.
  • Boundary markers: No explicit delimiters or boundary markers are used to isolate the email body from agent instructions.
  • Capability inventory: The skill can execute shell commands via the gws binary.
  • Sanitization: No input sanitization or validation of the --body content is present in the skill definition.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 04:56 PM