agentmail

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Documentation in SKILL.md includes example injection payloads (e.g., 'Ignore previous instructions') within a security warning section. These are informational and do not represent a malicious bypass attempt.
  • [COMMAND_EXECUTION]: The script scripts/send_email.py reads local files specified via the --attach argument to include them as email attachments.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing third-party packages including agentmail, python-dotenv, flask, ngrok, and pdfplumber.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted email data, creating an indirect prompt injection surface.
      1. Ingestion: Email bodies are processed in scripts/check_inbox.py and webhook examples.
      2. Capabilities: The agent can read files for attachments and send emails externally.
      3. Boundaries: Not implemented in the provided scripts, though documented in SKILL.md.
      4. Sanitization: No automated content filtering or escaping is implemented in the utility scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:17 PM