ben-agent-email
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes inbound emails from external senders, which represents a surface for indirect prompt injection attacks where the agent might follow instructions embedded in an email body.
- Ingestion points: Inbound emails to ben-agent@zerofinance.ai processed by the /api/ai-email route.
- Boundary markers: Not specified; the skill does not define specific delimiters or instructions to the agent to ignore commands within the email body.
- Capability inventory: Outbound email transmission, attachment handling, and session state updates via resend-provider.ts.
- Sanitization: No explicit sanitization or filtering of external email content is documented in the skill definition.
- Credentials Management (SAFE): The skill identifies the need for RESEND_API_KEY and RESEND_WEBHOOK_SECRET but uses empty placeholders and includes defensive instructions for the agent to stop and request credentials from the user if they are missing.
Audit Metadata