email-imap-full-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill processes data from an external IMAP server, which represents an indirect prompt injection surface. This is an inherent risk of the skill's primary function and is handled with appropriate care for file operations.\n
- Ingestion points: scripts/imap_full_fetch.py (IMAP FETCH command)\n
- Boundary markers: Absent\n
- Capability inventory: Local file system write access for saving email content and attachments\n
- Sanitization: Filenames are sanitized using a strict alphanumeric regex pattern to prevent directory traversal.\n- [SAFE]: Sensitive data handling is limited to the skill's intended purpose. IMAP credentials are required via environment variables, and fetched email data is stored in localized directories provided by the user.
Audit Metadata