summarize-unread-emails

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses osascript to execute AppleScript commands on the host system to interact with the Mail.app application.
  • [DATA_EXFILTRATION]: The skill accesses sensitive personal data by retrieving email headers, subjects, and sender information from the user's local inbox. Although it does not show evidence of external transmission, this constitutes significant data exposure of private communications.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from email subjects and senders and presents it to the agent for processing.
    • Ingestion points: Unread email subject lines and sender strings retrieved via AppleScript in SKILL.md.
    • Boundary markers: Absent. The skill provides no delimiters or instructions to the agent to distinguish between its own logic and the untrusted email content.
    • Capability inventory: The skill has the capability to execute system scripts (osascript) and read private database content (Mail.app messages).
    • Sanitization: Absent. The skill lacks any mechanism to sanitize or filter potential instructions embedded within the processed email text.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 07:31 AM