termail
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from incoming emails.
- Ingestion points: External data is read into the agent context through the 'termail list', 'termail read', and 'termail search' commands defined in SKILL.md.
- Boundary markers: There are no explicit markers or instructions used to separate email content from agent instructions in the command templates.
- Capability inventory: The agent has access to 'termail compose', 'termail reply', and 'termail forward' capabilities, which could be used to exfiltrate data or send unauthorized communications.
- Sanitization: No evidence of sanitization or validation of the email body or metadata is present.
- [EXTERNAL_DOWNLOADS]: The skill relies on an external CLI tool and provides instructions to install it from the author's personal Homebrew tap ('lu-zhengda/tap/termail').
- [COMMAND_EXECUTION]: The skill executes various system commands through the 'Bash' tool to perform its primary functions, such as syncing and reading email threads.
Audit Metadata