agentmail-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the `agentmail` package from official Python and Node.js registries. These are official SDKs provided by the vendor for interacting with the AgentMail API.
- [DATA_EXFILTRATION]: The skill demonstrates how to read local files to send as email attachments via the `api.agentmail.to` endpoint. This is a primary function of the SDK and is used for intended platform features.
- [PROMPT_INJECTION]: This skill processes untrusted external data in the form of incoming emails, which presents a surface for indirect prompt injection.
  - Ingestion points: External email content enters the agent context via the `messages.list` API call, Webhooks, or WebSockets (documented in `SKILL.md`, `references/webhooks.md`, and `references/websockets.md`).
  - Boundary markers: The documentation recommends using the `extracted_text` field to isolate new message content from quoted conversation history.
  - Capability inventory: The skill has the capability to read local files, send outbound communications, and manage account resources (documented in `SKILL.md`).
  - Sanitization: The platform provides automated stripping of signatures and quoted text through the `extracted_text` property to help sanitize incoming content before processing.
Audit Metadata