Gmail Draft Update Body

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Gmail helper that updates an existing draft body through the local gog CLI, with no hidden files, persistence, or unrelated behavior found.

Before installing or using it, confirm the target draft ID, Gmail account, and final body text. Treat the update as potentially replacing the existing draft body, and review the draft before any separate send action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill performs a state-changing operation on an existing Gmail draft but does not clearly warn that it will overwrite or replace draft body content. This can mislead users or downstream agents into making unintended modifications, causing accidental data loss or corruption of draft text, even though it does not by itself create code execution or privilege escalation risk.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal