inbox
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the shell command
gt mail inboxto retrieve message data from a local CLI tool. - [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install an external dependency using
brew install gt, pointing to the Homebrew package manager. - [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection because it ingests and displays untrusted message content.
- Ingestion points: External data enters the agent context via the output of the
gt mail inboxcommand as described in SKILL.md. - Boundary markers: The workflow lacks explicit boundary markers or instructions to the LLM to ignore instructions embedded within the retrieved messages.
- Capability inventory: The skill has the capability to execute shell commands and present formatted text output to the user.
- Sanitization: No sanitization, escaping, or validation logic is defined to handle potentially malicious instructions contained within the message bodies.
Audit Metadata