email-notify
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The script
scripts/send_email_notification.pyfacilitates network communication via SMTP to non-whitelisted servers. While intended for notifications, it can be exploited as an exfiltration vector if an agent is coerced into passing sensitive data (e.g., file contents or environment variables) into the--summaryor--task-titlearguments. - [CREDENTIALS_UNSAFE] (MEDIUM): The
SKILL.mddocumentation instructs users to store sensitive SMTP credentials, including passwords, in cleartext in~/.bashrcor~/.zshrc. Since AI agents often have the capability to read these configuration files or access the environment, this significantly increases the risk of credential theft. - [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill possesses an indirect injection surface by reading the
AGENTS.mdfile to extract project metadata. - Ingestion points:
scripts/send_email_notification.pyreads the content ofAGENTS.mdusingPath.read_text(). - Boundary markers: No delimiters or instructions are used to distinguish the file content from the agent's logic.
- Capability inventory: The skill can perform network operations via
smtplib. - Sanitization: The script uses basic regex extraction and quote stripping but does not validate or sanitize the resulting strings before including them in the email body.
Audit Metadata