send-email
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements its functionality using standard Python modules (
smtplib,email) without external dependencies or obfuscation. - [DATA_EXFILTRATION]: While the skill can send local files as attachments to external addresses, this is its primary intended function. Credentials are not hardcoded and are managed through a secure key store tool.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection as it processes untrusted email content and has file-reading capabilities. However, it does not interpret this content as instructions.
- Ingestion points: The
scripts/send.pyscript acceptssubject,body, andattachmentas command-line arguments inSKILL.md. - Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore instructions embedded within the email body.
- Capability inventory: The script can read any file path provided to the
--attachmentargument and transmit data via SMTP. - Sanitization: No input validation or sanitization is performed on the arguments passed to the script.
Audit Metadata