gmcli
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires global installation of the '@mariozechner/gmcli' package from the npm registry. This is a third-party dependency not maintained by the skill author or a trusted vendor.
- [CREDENTIALS_UNSAFE]: The setup process instructs users to download and provide Google OAuth client credentials in JSON format and stores tokens in the local '~/.gmcli/' directory.
- [PROMPT_INJECTION]: The skill processes untrusted external data from email bodies, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Reading email threads and searching messages via the 'gmcli' command (SKILL.md).
  - Boundary markers: No markers or delimiters are provided in the documentation to separate untrusted email content from agent instructions.
  - Capability inventory: The skill enables the agent to send emails, search messages, read threads, and manage drafts (SKILL.md).
  - Sanitization: No evidence of content sanitization or instruction filtering for retrieved email bodies is present.
Audit Metadata