email-search
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup script and configuration download standard, well-known Python packages from PyPI, such as
chromadb,libpff-python,pdfplumber,python-docx, andopenpyxl. These are standard tools for text extraction and local vector storage.\n- [COMMAND_EXECUTION]: The skill provides a CLI for processing local PST files. It reads email data and writes index files to a local directory (./email-search-data) as well as markdown files during export. These file operations are restricted to the local environment and are necessary for the skill's functionality.\n- [PROMPT_INJECTION]: The skill processes untrusted content from emails, creating an attack surface for indirect prompt injection. Malicious instructions inside emails could potentially influence agent behavior when search results are retrieved.\n - Ingestion points: Email headers, bodies (via
pst_parser.py), and attachment text (viaattachment_extractor.py).\n - Boundary markers: The CLI uses
Richpanels to separate and label different search results in the console output.\n - Capability inventory: Read access to local PST files and write access to the local database directory and markdown export paths.\n
- Sanitization: Content is escaped for Rich formatting in the CLI, but no specific logic is present to sanitize email content for potential LLM injection attacks.
Audit Metadata