Gmail Retrieve Email

Security checks across malware telemetry and agentic risk

Overview

This skill narrowly tells the agent to retrieve one specified Gmail message, but the returned email contents can be sensitive.

Install only if you trust the gog CLI and the Gmail account configured for it. Use this skill when you intentionally want the agent to read a specific email, and avoid unnecessary sharing or logging of full message bodies, headers, authentication links, financial details, or other private content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly retrieves the full contents of an email, including headers, body, and metadata, but provides no warning, consent boundary, or minimization guidance for potentially sensitive data. In an agent context, this can expose private communications, authentication links, financial details, or other confidential information to downstream processing, logs, or unintended recipients.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal