imap-smtp-email
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings flagged: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs users to store sensitive email account credentials, including hostnames, usernames, and passwords or authorization codes, in a plaintext .env file for the scripts to access.
- [EXTERNAL_DOWNLOADS]: The setup.sh script executes npm install to download required Node.js libraries from the public npm registry.
- [COMMAND_EXECUTION]: The skill relies on the execution of Node.js scripts (scripts/imap.js, scripts/smtp.js) and a Bash setup script (setup.sh) to perform email operations and configuration.
- [DATA_EXFILTRATION]: The scripts/smtp.js utility contains features that allow reading local files (via the --body-file and --attach arguments) and transmitting their contents to external email addresses, which could be abused for data theft if the agent is manipulated.
- [PROMPT_INJECTION]: The skill provides a significant surface for indirect prompt injection attacks by reading untrusted data from the mail server.
  - Ingestion points: The scripts/imap.js script fetches and parses email subjects, body text, and HTML content, which are then provided to the agent.
  - Boundary markers: There are no boundary markers or instructions to the agent to treat email content as untrusted; the data is passed as raw strings within JSON responses.
  - Capability inventory: The skill possesses the capability to read any local file (for email attachments/bodies), write files to the local disk (for downloading attachments), and send network requests via SMTP.
  - Sanitization: No sanitization, filtering, or instruction-stripping is performed on the incoming email data before it is presented to the agent.
  - Workflow Risk: Instructions in SKILL.md advise the agent to run commands directly without user intervention for configuration, potentially reducing the chance for human oversight during an injection attempt.
Audit Metadata