agentmail
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: Detailed analysis of the skill documentation and metadata found no evidence of malicious behavior or security policy violations. The interaction with the AgentMail API is consistent with the skill's stated purpose.
- [NO_CODE]: This skill consists entirely of documentation and metadata files, containing no executable scripts, binaries, or active source code.
- [COMMAND_EXECUTION]: The SKILL.md file provides standard installation instructions for the vendor SDK using npm and pip, which are typical for developer-focused agent skills.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading the 'agentmail' package from official repositories (NPM and PyPI). These are recognized as vendor-managed resources from NeverSight.
- [DATA_EXFILTRATION]: While the skill involves sending and receiving email data, all network operations target the official AgentMail service as intended by the skill's primary function.
- [PROMPT_INJECTION]: The skill processes external data (emails), creating a surface for indirect prompt injection. Ingestion points: Email content and thread metadata are retrieved using
client.inboxes.messages.getandclient.inboxes.messages.listin SKILL.md. Boundary markers: Not explicitly defined in the provided SDK usage examples; developers should implement their own sanitization and delimiters. Capability inventory: The agent can send emails, create inboxes, manage threads, and handle attachments. Sanitization: No explicit sanitization of untrusted email content is demonstrated in the documentation snippets.
Audit Metadata