email-manager
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script located at
/home/ubuntu/clawd/scripts/email-monitor.jsto monitor Feishu emails. This is a primary function of the skill within its designated environment. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external data. 1. Ingestion points: Incoming email subjects and bodies are fetched and processed via
imaplibinSKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic to protect the agent from malicious content. 3. Capability inventory: The skill includes functions for sending emails via SMTP and executing local commands, which could be abused if the agent inadvertently follows instructions found within an email. 4. Sanitization: There is no evidence of sanitization or validation performed on the fetched email content before it is processed by the agent.
Audit Metadata