newsletter-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external emails, which creates an indirect prompt injection surface. \n
- Ingestion points: The
scripts/scan_newsletters.pyscript retrieves email bodies and subjects from an external inbox via the AgentMail API. \n - Boundary markers: Output is formatted into structured JSON or a human-readable summary, providing a layer of separation, though it lacks explicit instructions for the agent to ignore any commands found within the email snippets. \n
- Capability inventory: The skill declares the
send-email-via-agentmailcapability inSKILL.md, which could potentially be abused if an agent follows instructions found within an email. \n - Sanitization: The script uses a regular expression to strip HTML tags and performs basic character entity decoding on email content.
Audit Metadata