email-imap-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external emails.
      • Ingestion points: Remote email subjects and bodies are fetched using the imaplib library in scripts/imap_idle_fetch.py.
      • Boundary markers: The script does not wrap email content in protective delimiters or provide instructions to downstream agents to ignore embedded commands.
      • Capability inventory: The skill possesses network capabilities to forward data to webhooks and outputs data in JSONL format for agent consumption.
      • Sanitization: The script uses a regular expression HTML_TAG_RE to strip HTML tags and SPACE_RE to normalize whitespace, but it does not sanitize plain-text natural language instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:46 PM