inbox-commander
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): This skill has an attack surface for indirect prompt injection because it processes untrusted data (external emails) using external reference files (references/known-senders.md).
- Ingestion points: The skill ingests untrusted email content from external senders.
- Boundary markers: None identified in the provided reference files.
- Capability inventory: No executable capabilities (subprocess, eval, file-write, network) are present in the provided files.
- Sanitization: None identified; the system relies on pattern matching defined in markdown files.
- [Metadata Poisoning] (SAFE): The files contain configuration templates and examples (e.g., VIP contacts, vendors) which are standard for an email triage skill and do not contain deceptive instructions.
Audit Metadata