Security audit

Gmail All Email Actions

Security checks across malware telemetry and agentic risk

Overview

This Gmail skill is openly an all-actions email integration, but it grants broad mailbox and outbound-email authority with weak scoping and no clear confirmation rules.

Install only if you intend to let AgentPMT operate a Gmail account with both reading and sending authority. Use it with workflows that require explicit review of recipients, message bodies, forwarded content, attachments, and trash/delete actions before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation keywords are very broad and include generic tasks like customer follow-up, information gathering, and inbox management. That increases the chance an agent will invoke a high-privilege Gmail skill in contexts where a narrower, less sensitive capability would suffice, leading to unnecessary access to mailbox contents or outbound email actions.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill exposes privacy-impacting and destructive actions such as reading, forwarding, trashing, and label modification without strong cautionary language or confirmation requirements. In an agentic environment, this can cause unauthorized disclosure of email content or accidental mailbox state changes when the agent infers intent too aggressively.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The forward action automatically includes original message content and allows attachments to be fetched from public URLs, which can disclose sensitive mailbox data to unintended recipients or third-party hosts. In an agent context, absent explicit warnings or consent requirements, this increases the risk of accidental exfiltration and privacy breaches.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: Replying sends content to external recipients and may fetch attachments from public URLs, creating risk of unintended disclosure and external network interaction. In an autonomous agent setting, insufficient warning or guardrails can lead to accidental outbound communication using sensitive context from the mailbox.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: Sending a saved draft is an outbound side-effecting action that can disclose sensitive content to recipients if triggered mistakenly or by a compromised agent workflow. Without an explicit warning or confirmation expectation, the skill makes accidental transmission easier in high-automation contexts.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This action sends arbitrary outbound email and can fetch remote attachment URLs, combining data exfiltration risk with external network access. In an agent-integrated Gmail skill, missing warnings and guardrails materially raise the chance of unauthorized or accidental email transmission and leakage through attachment retrieval.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal