skills/agentscope-ai/copaw/himalaya/Gen Agent Trust Hub

himalaya

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data by reading emails via himalaya message read and listing them with himalaya envelope list. This content enters the agent's context without defined boundary markers or sanitization instructions, creating a surface for indirect prompt injection where malicious email content could attempt to influence agent behavior.
  • [COMMAND_EXECUTION]: The skill provides a Python script template using smtplib for sending emails with attachments. This involves the agent generating and executing code that performs network operations and handles authentication.
  • [DATA_EXPOSURE]: The instructions guide the management of sensitive configuration at ~/.config/himalaya/config.toml, which contains email credentials and backend settings. While the skill recommends secure methods like pass, it also documents the less secure backend.auth.raw method for storing passwords in plain text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 01:50 PM