apple-mail-search

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [Data Exposure] (MEDIUM): The skill is configured to read highly sensitive private communication data stored in the macOS Apple Mail database.
      • Evidence: Accesses ~/Library/Mail/V10/MailData/Envelope Index and message content from .emlx files.
      • Risk: Sensitive user data is exposed to the agent context, which could be misused if the agent is compromised.
      • Mitigation: Since this is the primary functionality of the skill, the severity is reduced from HIGH to MEDIUM.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted data from email headers and content that could influence agent behavior.
      • Ingestion points: Apple Mail SQLite database and .emlx message files.
      • Boundary markers: Absent; no delimiters are described for the returned email content to prevent it from being interpreted as instructions.
      • Capability inventory: The skill executes a local Python script (./scripts/mail-search) to query the database.
      • Sanitization: Absent; raw email data is retrieved and displayed directly to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:23 PM