smtp2go-api
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The documentation describes endpoints that ingest untrusted external data (email and SMS bodies) and provides the network capability to transmit this data to an external service, creating a surface for indirect prompt injection.
  - Ingestion points: `references/endpoints.md` defines the `/email/send`, `/email/mime`, and `/sms/send` endpoints which accept arbitrary text and HTML content.
  - Boundary markers: Absent; there are no instructions or recommended delimiters to isolate user-provided content from agent instructions.
  - Capability inventory: The skill facilitates network operations (POST requests to `api.smtp2go.com`) and provides reference for sensitive operations like API key and subaccount management.
  - Sanitization: Absent; the reference does not provide guidance on sanitizing, escaping, or validating the content intended for delivery.
- [No Code] (LOW): The skill is composed entirely of Markdown documentation and JSON metadata. The absence of executable scripts (e.g., Python, JavaScript, or Shell) significantly limits the risk of direct remote code execution or persistence-based attacks.
Audit Metadata