Skills
skills/dalehurley/phpbot/check-unread-emails/Gen Agent Trust Hub

check-unread-emails

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts check_new_emails.py and get_recent_emails.py utilize subprocess.run to execute AppleScript via the osascript command. This enables the skill to interact with the system's Mail.app to query and extract message data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to the processing of external, untrusted email content.
  • Ingestion points: Untrusted data enters the agent's context through the content, subject, and sender fields retrieved in scripts/get_recent_emails.py and scripts/check_new_emails.py.
  • Boundary markers: There are no delimiters or instructions provided to the agent to treat the email content as potentially untrusted data or to ignore embedded instructions.
  • Capability inventory: The skill possesses the capability to read personal emails and present their contents to the agent for summarization and categorization.
  • Sanitization: No sanitization, escaping, or validation of the retrieved email body or subject lines is performed before the data is processed by the AI agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:31 AM