roundcube-webmail
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The README.md setup instructions (Step 2) explicitly guide users to paste their NAIST username, password, and TOTP secret (extracted from Google Authenticator) into the AI chat interface. This practice results in the exposure of primary credentials and MFA secrets to the AI provider and stores them in potentially unencrypted chat logs and history.
- [DATA_EXFILTRATION] (MEDIUM): The skill facilitates sending automated email summaries to a user-provided Slack Webhook. If an attacker provides a malicious webhook URL, private email content is exfiltrated to an external party.
- [COMMAND_EXECUTION] (LOW): The scripts
read-mail.jsandreply-mail.jsutilizeexecSyncto interact with the macOSsecurityutility. Although used for Keychain integration, the execution of shell commands based on environment variables within an AI-automated environment requires strict oversight. - [EXTERNAL_DOWNLOADS] (LOW): The setup process requires downloading external tools such as
zbarvia Homebrew andplaywrightbinaries. While these are reputable tools, they represent an external dependency on third-party software supply chains.
Recommendations
- AI detected serious security threats
Audit Metadata