email-manager
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/email_client.py` executes the `pass` command via `subprocess.run` to retrieve account passwords. While it correctly avoids shell execution, the paths passed to the command are partially derived from the `accounts.json` configuration, which can be modified by the user or the agent through the `manage.py` script.
- [PROMPT_INJECTION]: The skill ingests untrusted external data from email subjects and bodies in `scripts/check_email.py` and `scripts/reply_draft.py`. This data is used to generate summaries and response drafts, creating a surface for indirect prompt injection attacks where a malicious email could attempt to influence the agent's instructions.
- [DATA_EXFILTRATION]: The skill performs network operations to external IMAP and SMTP servers to read and send email content. It also caches private communication data in `cache/emails.json`. Additionally, the configuration includes a hardcoded Telegram notification target (-1003824568687), which could lead to information being sent to the author's channel if the default settings are not updated.
- [SAFE]: The skill demonstrates several security best practices, including the use of an external password manager instead of plaintext credentials and requiring explicit user confirmation before any emails are actually sent.
Audit Metadata