The Agent Skills Directory

[SAFE]: No malicious behavior or security guideline bypasses were identified. The skill documentation describes standard use of the gws utility for its intended purpose.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests external Gmail messages. This risk is inherent to the skill's functionality and does not escalate the verdict. 1. Ingestion points: Gmail messages ingested via the gws gmail +watch command. 2. Boundary markers: None present in the skill definition. 3. Capability inventory: The skill can stream data to stdout or write to a specified local directory via the --output-dir flag. 4. Sanitization: No sanitization is performed on the ingested message content within this skill definition.

gws-gmail-watch