email-review
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute internal Python scripts (score_subject_line.py and analyze_email_html.py) for automated scoring and analysis.
- [PROMPT_INJECTION]: The skill processes untrusted email content from external senders. That content is both read by the agent and passed onward as shell arguments, so it is an indirect prompt injection surface and, if not escaped, a command injection surface as well.
- Ingestion points: Ingests email data from user text, local HTML files, and Gmail drafts via the gmail_get_draft tool.
- Boundary markers: No delimiters or safety instructions are defined to isolate untrusted email content from the skill's logic.
- Capability inventory: The skill uses the Bash, Read, Grep, and Glob tools to interact with the system.
- Sanitization: The instructions do not specify any validation, sanitization, or escaping of untrusted variables such as subject or path before they are used in shell command execution.
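The shell-argument finding above, shown as an added example that is not part of the audit or of the email-review skill. `echo` stands in for score_subject_line.py, whose invocation the page does not show; the validate_subject and validate_path helpers are hypothetical hardening, not something the skill defines. The subject line is constructed for the demonstration.

```python
"""Added example (not from the audit or the email-review skill).

Shows the pattern the audit flags: an untrusted subject interpolated into a
shell command string, next to the argv form that keeps it a single argument.
`echo` stands in for score_subject_line.py, whose invocation is not on the
page; the validation helpers are hypothetical hardening, not the skill's.
"""
import subprocess
import unicodedata
from pathlib import Path

# Constructed attacker-controlled subject line; not taken from a real email.
HOSTILE_SUBJECT = "Q2 results; echo INJECTED"

# RFC 5322 caps a header line at 998 characters.
MAX_SUBJECT_LEN = 998


def run_unsafe(subject: str) -> str:
    """Build the command as one string and hand it to /bin/sh.

    Anything the sender puts after ';' runs as a second command.
    """
    cmd = f"echo {subject}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(subject: str) -> str:
    """Pass the subject as one argv element with no shell in between.

    The metacharacters reach the child program as literal text.
    """
    return subprocess.run(["echo", subject], capture_output=True, text=True).stdout


def validate_subject(subject: str) -> str:
    """Reject subjects that can still cause harm even without a shell.

    - control characters (log line splitting, terminal escape sequences)
    - a leading '-' that an argparse-style script would read as an option
    - empty or oversized values
    """
    if not subject or len(subject) > MAX_SUBJECT_LEN:
        raise ValueError("subject empty or too long")
    if any(unicodedata.category(ch) == "Cc" for ch in subject):
        raise ValueError("subject contains control characters")
    if subject.startswith("-"):
        raise ValueError("subject would be parsed as an option")
    return subject


def validate_path(base_dir, user_path: str) -> Path:
    """Confine a user-supplied HTML path to base_dir.

    Resolves '..' and symlinks before the containment check, so
    'drafts/../../etc/passwd' cannot escape the allowed directory.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes {base}") from None
    if candidate.suffix.lower() not in {".html", ".htm"}:
        raise ValueError("only HTML files are accepted")
    return candidate


if __name__ == "__main__":
    print("unsafe:", repr(run_unsafe(HOSTILE_SUBJECT)))
    print("safe  :", repr(run_safe(HOSTILE_SUBJECT)))
    print(validate_path("/srv/drafts", "weekly.html"))
```

The argv form removes the shell from the path entirely, which is the fix for the finding; the validators cover the residual risks that remain once the shell is gone (option injection into the script's own argument parser, and a path argument that walks outside the directory the skill is meant to read).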
Audit Metadata