email-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill requires standard Python libraries (
dnspython,click). Whileemail-validatoris mentioned in the documentation, it is not actually imported or used in the script. All dependencies are well-known and from trusted registries. - DATA_EXFILTRATION (SAFE): Network activity is limited to DNS queries via
dnspythonto check for MX records. This is necessary for the skill's stated purpose. No data is transmitted to external endpoints or third-party servers. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted user data (CSV and text files containing email lists).
- Ingestion points:
scripts/main.pyreads user-provided files viacsv.DictReaderandPath.read_text(). - Boundary markers: None identified in the script.
- Capability inventory: Local file writing and DNS resolution.
- Sanitization: The script uses regular expressions to validate email formats, providing basic sanitization against malformed input. Because the data is not re-interpolated into a prompt for the LLM or executed as code, the risk is minimal.
Audit Metadata