email-sender
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires users to store plaintext SMTP passwords and API keys in 'config/config.yaml' as seen in 'config/config.example.yaml' and 'scripts/config_loader.py'.
- [PROMPT_INJECTION] (LOW): Indirect injection surface detected in 'templates/default.html'. The use of '{{ content | safe }}' allows raw HTML injection into the email body, bypassing the default Jinja2 auto-escaping. Ingestion points: Data entered via the 'context' argument in 'TemplateManager.render'. Boundary markers: None identified. Capability inventory: Uses 'smtplib' for SMTP and 'requests' for API-based sending. Sanitization: Relies on Jinja2 autoescape but explicitly disables it for the 'content' field via the safe filter.
- [DATA_EXFILTRATION] (MEDIUM): The primary purpose involves network operations (SMTP/API). However, the absence of the core logic file 'scripts/send_email.py' prevents verification of whether additional sensitive data is exfiltrated to unauthorized domains or if the 'smtplib-ssl' dependency in 'requirements.txt' is legitimate.
Audit Metadata