Skills
skills/caffeinelabs/skills/extension-email/Gen Agent Trust Hub

extension-email

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill specifies a dependency on the caffeineai-email package from the vendor's repository via the Mops package manager.
  • [DATA_EXFILTRATION]: The skill enables sending data to external email addresses through the sendServiceEmail function, which is the primary intended behavior.
  • [PROMPT_INJECTION]: The example code in src/backend/main.mo demonstrates an indirect prompt injection surface where user-supplied parameters are concatenated into the email body.
  • Ingestion points: Untrusted data enters the agent context via the recipientEmailAddress, username, and orderReference arguments of the sendOrderConfirmationEmail function in src/backend/main.mo.
  • Boundary markers: No delimiters or instructions are used to isolate user data from the email template.
  • Capability inventory: The skill uses the EmailClient.sendServiceEmail function in src/backend/main.mo to transmit content externally.
  • Sanitization: The skill does not escape HTML special characters in user-provided strings before interpolation, creating a potential surface for HTML injection if the email is rendered as HTML.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 11:43 AM