// Manage Gmail and Google Calendar with capability-backed auth and operations. Use when asked to check inbox, summarize emails, give a day at a glance, send an email, review calendar events, or schedule meetings.
| name | |
| description | Manage Gmail and Google Calendar with capability-backed auth and operations. Use when asked to check inbox, summarize emails, give a day at a glance, send an email, review calendar events, or schedule meetings. |
| opt_in | true |
| sensitive | true |
| access | {"chat_types":["private"]} |
| capabilities | ["gog.email","gog.calendar"] |
| allowed_tools | ["bash"] |
| max_iterations | 25 |
| input_schema | {"type":"object","properties":{"task":{"type":"string","description":"The Google email/calendar task to perform"}},"required":["task"]} |
Manage Gmail and Google Calendar through host-managed capabilities.
Use progressive disclosure:
references/gmail-workflows.md when handling summaries, inbox triage, day-at-a-glance planning, or Gmail query choices.references/auth-and-failures.md when auth is incomplete/expired or capability commands fail.references/output-templates.md when producing summary/day-plan output sections.ash-sb capability for every Gmail/Calendar operation.On every invocation, follow these steps in order:
ash-sb capability list
[skills.google] and stop.For each unauthenticated capability (gog.email, gog.calendar):
ash-sb capability auth begin -c gog.email --account work
Parse the command output and extract auth fields before responding.
If auth_url is missing from output, report the command failure and stop.
Then:
device_code: show URL + user code, then poll.authorization_code: show URL and ask user for callback URL or code, then complete.When presenting auth instructions, always include:
flow_id returned by auth begin.auth_url returned by auth begin (never paraphrase or omit it).user_code when flow type is device_code.Use one of these response templates exactly:
Authorization code flow:
To continue, open this Google auth URL: <auth_url>\nFlow ID: <flow_id>\nAfter approval, paste the full callback URL (or just the code) here.
Device code flow:
To continue, open: <auth_url>\nFlow ID: <flow_id>\nEnter this code: <user_code>\nAfter approval, tell me when done and I will continue.
Use these commands:
ash-sb capability auth poll --flow-id <id> --timeout 300
ash-sb capability auth complete --flow-id <id> --callback-url '<URL>'
ash-sb capability auth complete --flow-id <id> --code '<CODE>'
If user intent is setup-only, stop after successful auth confirmation.
If the user provides a callback URL or auth code in a follow-up message, complete that existing flow immediately with auth complete.
Do not start a new auth begin while a valid callback/code is present unless completion fails with invalid/expired flow.
If flow_id is not already known, run ash-sb capability auth list -c <capability> --account <alias> and use the most recent pending flow.
If a user asks for an operation and capability invoke/list returns auth-required or similar auth errors:
ash-sb capability auth begin -c <capability> instead of waiting.auth poll or auth complete based on flow type.Do not stop at "you need auth" when you can initiate the flow directly.
Use only capability operations and explicit JSON input.
Core commands:
ash-sb capability invoke -c gog.email -o list_messages --account work --input-json '{"folder":"inbox","limit":20}'
ash-sb capability invoke -c gog.email -o search_messages --account work --input-json '{"query":"is:unread newer_than:1d","limit":20}'
ash-sb capability invoke -c gog.email -o get_message --account work --input-json '{"id":"<message_id>"}'
ash-sb capability invoke -c gog.email -o get_thread --account work --input-json '{"thread_id":"<thread_id>","limit":20}'
ash-sb capability invoke -c gog.email -o archive_messages --account work --input-json '{"ids":["<message_id>"],"archive":true}'
ash-sb capability invoke -c gog.email -o update_labels --account work --input-json '{"ids":["<message_id>"],"add_label_ids":["IMPORTANT"],"remove_label_ids":[]}'
ash-sb capability invoke -c gog.calendar -o list_events --account work --input-json '{"calendar":"primary","window":"1d"}'
ash-sb capability invoke -c gog.calendar -o create_event --account work --input-json '{"title":"Team sync","start":"2026-03-04T18:00:00Z"}'
If the user asks a broad question and does not provide scope, use these defaults:
search_messages with {"query":"is:unread newer_than:1d","limit":20}list_events with {"calendar":"primary","window":"1d"} plus unread/recent email queryget_message for each item you summarizeInterpret account/calendar phrasing with these defaults unless user explicitly says otherwise:
work and calendar primary.default and calendar primary.gog.calendar using that alias.Do not ask taxonomy prompts like "do you mean second account vs shared calendar vs subscribed calendar" before starting auth. If account alias is implied, proceed with that alias and only ask a single follow-up if a concrete operation later needs a non-primary calendar id.
When user asks for summaries (for example "summarize my emails", "what did I miss"):
search_messages (preferred) or list_messages.get_message for messages you summarize.references/output-templates.md.Do not summarize from snippets alone when full content can be fetched.
When user asks for a day overview:
list_events.search_messages (for example unread/new/important) and fetch full content for top items.references/output-templates.md.Use Google calendar + Google email only for this view.
Before send_message, create_event, archive_messages, or update_labels, always confirm key details.
Required confirmation fields:
auth begin.Never reply with only "need auth" or "use /google". Always include the runnable next step with the actual auth URL.
Do not mention slash commands (for example /google) as a substitute for auth instructions.
[skills.google].