agentmail

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the agentmail-mcp package from the npm registry and the mcp library from PyPI. These are expected dependencies for the service integration.
  • [COMMAND_EXECUTION]: Instructs the user to execute npx -y agentmail-mcp and pip install mcp to set up the environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from incoming emails.
      • Ingestion points: Incoming email content retrieved via the get_thread and list_threads tools documented in SKILL.md.
      • Boundary markers: Absent; the instructions do not provide delimiters or instructions for the agent to treat email content as untrusted data.
      • Capability inventory: The agent has the ability to send emails, reply to threads, create/delete inboxes, and download attachments.
      • Sanitization: Absent; the skill does not specify any validation or filtering of incoming email content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 05:50 PM