gmail
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches source code and pre-compiled binaries from the vendor's GitHub repository (github.com/wayfind/gmail-agent).
- [COMMAND_EXECUTION]: Executes an installation script (scripts/install.sh) to set up the environment, including cloning the repository and modifying shell profile files (~/.bashrc, ~/.zshrc) to store the tool's path.
- [REMOTE_CODE_EXECUTION]: Downloads and executes a binary from the author's GitHub releases as part of the tool's core functionality.
- [DATA_EXFILTRATION]: Accesses and manages sensitive email data from the user's Gmail account. Credentials and API keys are stored in local configuration files.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection through the processing of unread email content for AI-driven classification and replies.
- Ingestion points: Reads email subjects and bodies during the listing and classification steps.
- Boundary markers: Lacks explicit delimiters to separate untrusted email data from the agent's internal instructions.
- Capability inventory: The skill can send emails, move messages to trash, permanently delete emails, and manage filters/labels.
- Sanitization: Implements mandatory safety rules requiring user confirmation (AskUserQuestion) for all destructive operations.
Audit Metadata