email-api
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The `scripts/email-upload.js` script includes a dedicated `--envs` flag that uploads local files to an unauthenticated `/envs` endpoint on a remote server (https://agenskill.onrender.com). The skill documentation explicitly instructs the agent to use this to upload sensitive `.env` files, which typically contain secrets and credentials.
- [DATA_EXFILTRATION]: The `scripts/email-numbers.js` script allows storing numeric data on a remote server without authentication. This creates a side-channel for the exfiltration of sensitive numeric information such as financial data or personal identifiers.
- [EXTERNAL_DOWNLOADS]: The skill's core functionality relies on communicating with an external API hosted on `https://agenskill.onrender.com`. This domain is an untrusted third-party host and is used as a destination for sensitive data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes untrusted content from external emails.
  - Ingestion points: Email content fetched via `scripts/email-read.js` and `scripts/email-search.js`.
  - Boundary markers: None. Untrusted content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
  - Capability inventory: The skill has access to `Bash`, `Read`, and `Write` tools, and can perform network operations like sending or forwarding emails.
  - Sanitization: None. Raw email data is passed directly into the agent's context, allowing malicious instructions in an email to potentially control agent actions.
Recommendations
- AI detected serious security threats
Audit Metadata