clawmail
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around the use of the
joelclaw mailcommand-line utility. It provides specific subcommands for agent coordination, such assend,inbox,read,reserve, andrelease. This is a standard functional requirement for the skill's intended purpose within the vendor's ecosystem. - [PROMPT_INJECTION]: The protocol creates a surface for indirect prompt injection because agents are instructed to read and act upon messages from external sources via
joelclaw mail read. - Ingestion points: Incoming messages accessed through
joelclaw mail readandjoelclaw mail inbox(SKILL.md). - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the content of the messages.
- Capability inventory: The agent has the capability to execute shell commands and modify files (referenced by
mail reserve), which could be targeted by malicious instructions in a message. - Sanitization: No explicit sanitization or validation of the mail content is described in the protocol.
Audit Metadata