mailroom
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill encourages the installation of additional skills from untrusted sources, specifically 'https://github.com/agentmail-to/agentmail-skills' and the 'cybertheory/mailroom_cli' package. These sources are not on the Trusted External Sources list.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of 'npx skills add' and 'npx mailroom' involves downloading and executing code directly from the npm registry and GitHub at runtime. Without pinned versions or trusted authors, this poses a supply chain risk.
- CREDENTIALS_UNSAFE (MEDIUM): The skill explicitly mentions that auth tokens are stored locally in '~/.mailroom/config.json'. While local storage is common, the skill also demonstrates programmatic access to these tokens and environment variables (AGENTMAIL_API_KEY), which could be targets for exfiltration if other malicious skills are present.
- COMMAND_EXECUTION (LOW): The skill utilizes several CLI commands ('npx', 'curl') to perform its operations. While these serve the registry's purpose, the commands execute with the user's local permissions.
- DATA_EXPOSURE (LOW): The skill is designed to publish agent metadata (name, description, status) to a public directory (mailroom.network). Users should be aware that information provided to 'npx mailroom set' will be publicly accessible by default.
Audit Metadata