Skills
skills/fadeloo/skills/email-imap-append/Gen Agent Trust Hub

email-imap-append

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]:
  • The skill executes a Python script (scripts/imap_append.py) to interface with IMAP servers via command-line arguments.
  • It uses standard libraries to handle message construction and server communication.
  • [DATA_EXFILTRATION]:
  • The --attach parameter in the append-draft command enables the agent to read any file on the local filesystem accessible to the process.
  • Attachment content is read via path.read_bytes() and uploaded to the configured IMAP server, creating a potential path for exfiltrating sensitive local information if the agent is manipulated.
  • [CREDENTIALS_UNSAFE]:
  • The skill relies on the IMAP_PASSWORD environment variable for authentication.
  • Storing sensitive credentials in environment variables makes them accessible to other processes in the same environment.
  • [PROMPT_INJECTION]:
  • The skill has an indirect prompt injection surface (Category 8).
  • Ingestion points: Local files read via --attach and text provided via --body or --subject.
  • Boundary markers: None. There are no instructions to the agent to treat data from files or arguments as untrusted content.
  • Capability inventory: The script scripts/imap_append.py provides combined filesystem read and network write capabilities.
  • Sanitization: None. The skill does not validate or filter the content of attachments or messages for embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:55 AM