Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODECOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external sources (IMAP emails). Attackers could send emails containing instructions that the agent might follow, such as forwarding data or deleting messages. * Ingestion points:
email_readandemail_listin SKILL.md. * Boundary markers: Absent; no specific delimiters or ignore-instructions are defined for processing the email body. * Capability inventory:email_send,email_delete, andemail_moveprovide high-impact actions. * Sanitization: Absent; the skill relies on natural language instructions for safety rather than technical validation. - No Code (SAFE): The skill consists exclusively of markdown documentation and interface definitions without any accompanying executable scripts or binary files.
- Command Execution (SAFE): The skill mentions the use of
notify_sendfor system alerts, which is a standard and low-risk utility for desktop notifications.
Audit Metadata