agentmail-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the agentmail-toolkit package from npm and PyPI. This package is not maintained by a pre-approved trusted organization (e.g., OpenAI, Anthropic, Google) and its runtime behavior has not been verified.
- PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: External data enters the agent context via list_threads, get_thread, and get_attachment tools, which retrieve content from incoming emails.
  - Boundary markers: There are no visible boundary markers or instructions to the agent to disregard embedded commands within email bodies.
  - Capability inventory: The agent possesses sensitive capabilities including send_message, delete_inbox, and create_inbox, which could be abused if an attacker sends a malicious email that overrides the agent's instructions.
  - Sanitization: No sanitization logic is described for the content returned by the email tools before it is processed by the LLM.