agentmail-toolkit
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides tools for reading and managing emails (list_threads, get_thread, get_attachment). Agents using these tools will have access to any sensitive information contained within the emails, which could be exfiltrated if the agent is compromised or misconfigured.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external emails, which represents an indirect prompt injection surface where malicious instructions embedded in incoming emails could influence the agent's behavior.
- Ingestion points: Email content and attachments retrieved via 'get_thread' and 'get_attachment' (SKILL.md).
- Boundary markers: Absent. The skill does not provide instructions for delimiting untrusted email content.
- Capability inventory: The toolkit allows the agent to send, reply, forward, and delete emails (SKILL.md), providing a high-impact surface for successful injections.
- Sanitization: Absent. No sanitization or validation of email content is described in the integration instructions.
Audit Metadata