agentmail-mcp
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The setup instructions require users to install the `agentmail-mcp` package via `npx -y` or `pip install`. These packages are hosted on public registries and are not from the listed trusted organizations.
- DATA_EXFILTRATION (LOW): The skill requires an `AGENTMAIL_API_KEY` and processes sensitive email data. While expected for its purpose, it involves transmitting this data to the `agentmail.to` domain, which is not in the whitelist of trusted exfiltration domains.
- COMMAND_EXECUTION (LOW): The skill requires executing shell commands for setup and operation, including `npx`, `pip`, and the `agentmail-mcp` binary.
- Indirect Prompt Injection (LOW): The skill reads external data (emails) which could contain malicious instructions designed to manipulate the AI agent.
  - Ingestion points: Tools such as `get_thread`, `list_threads`, and `get_attachment` ingest content from external email messages.
  - Boundary markers: No boundary markers or specific safety instructions are provided to the agent for handling untrusted email content.
  - Capability inventory: The agent has capabilities like `send_message`, `reply_to_message`, and `delete_inbox` which could be misused if the agent obeys instructions within an email.
  - Sanitization: There is no evidence of content sanitization before the data is passed to the AI assistant.
Audit Metadata