email-triage
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of triaging untrusted external data from emails.
  - Ingestion points: The agent retrieves potentially malicious content from email bodies and subjects using the `joelclaw email read` and `joelclaw email inbox` commands as specified in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its own system instructions and the untrusted content found within emails.
  - Capability inventory: The agent possesses the ability to archive or bulk-archive emails using `joelclaw email archive`, `joelclaw email archive-ids`, and `joelclaw email archive-bulk`.
  - Sanitization: There is no mention of sanitization or filtering of the email data before it is presented to the agent's context for decision-making.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to interact with the Front email API via a custom CLI.
  - Evidence: Multiple command examples are provided in `SKILL.md` (e.g., `joelclaw email inbox`, `joelclaw email read`).
  - Context: These commands use `joelclaw`, which is a vendor-owned tool associated with the author (joelhooks), and are necessary for the primary purpose of the skill.
Audit Metadata