The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or security violations were detected in the skill's instructions or metadata.
[COMMAND_EXECUTION]: The skill requires and executes the 'gws' binary to perform its tasks, restricted to the documented purpose of managing Gmail resources.
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted data from external emails. Ingestion points: Email content is ingested via 'users.messages', 'users.threads', and the '+triage' helper command in 'SKILL.md'. Boundary markers: None identified; email content is processed without explicit delimiters or instructions to ignore embedded commands. Capability inventory: The agent can send, reply to, and forward emails, and manage account settings/labels. Sanitization: No evidence of content sanitization or instruction filtering is present in the skill definition.

gws-gmail