Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides functionality to list and read incoming email messages, which introduces a surface for indirect prompt injection attacks.
- Ingestion points: External email content is fetched through the '/api/inbox/messages/read' and '/api/subdomain/inbox/messages/read' endpoints.
- Boundary markers: The instructions lack delimiters or explicit directives for the agent to ignore potentially malicious instructions embedded within the email bodies.
- Capability inventory: The agent is granted the ability to execute financial transactions (purchasing inboxes and subdomains) and send outgoing emails.
- Sanitization: There is no documentation or instruction regarding the sanitization or validation of the retrieved email data before processing.
- [EXTERNAL_DOWNLOADS]: The skill requires the 'agentcash' package from the NPM registry and utilizes 'npx agentcash@latest' to perform its operations, creating a dependency on an external package.
- [COMMAND_EXECUTION]: The skill relies on shell command execution via the 'npx' utility to interact with API endpoints and manage user wallet and payment workflows.
Audit Metadata