Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like curl, mktemp, and cat to perform network requests and manage local files for email operations.\n- [DATA_EXFILTRATION]: The skill provides the ability to send content to any external email address via SMTP, which could be used as an exfiltration path for sensitive information.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external email senders.\n
- Ingestion points: Incoming emails are fetched using IMAP commands as seen in SKILL.md.\n
- Boundary markers: None; the skill does not use delimiters to isolate untrusted email bodies from the agent's instructions.\n
- Capability inventory: The skill can execute shell commands and perform outbound network requests via SMTP.\n
- Sanitization: No sanitization or validation of the fetched email content is performed before it enters the agent's context.\n- [CREDENTIALS_UNSAFE]: The skill relies on environment variables for authentication and passes them to curl using the --user flag, which can potentially expose credentials in process listings (e.g., ps aux).
Audit Metadata