lessie-email
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration downloads and executes the
@lessie/mcp-serverpackage from the NPM registry usingnpx. This package is the official tool provided by the vendor for email integration. - [COMMAND_EXECUTION]: The skill instructs the agent to use platform-specific system commands (
open,xdg-open,start) to launch a web browser for the OAuth authorization flow. - [COMMAND_EXECUTION]: Provides a troubleshooting script to terminate stale application processes and remove local configuration data located in
~/.lessie/. This is used for maintenance and state recovery. - [DATA_EXFILTRATION]: The skill connects to a remote API endpoint at
app.lessie.aito process email operations. This communication is essential for the skill's primary function and utilizes the vendor's official infrastructure. - [SAFE]: While the skill processes external data (emails), which represents a potential indirect prompt injection surface, this is inherent to the purpose of an email management tool. No malicious patterns or exploitation attempts were detected.
Audit Metadata