email-gateway
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill operates as a gateway for external data with outbound communication capabilities, creating a Tier 2 vulnerability surface.
- Ingestion points: Untrusted data enters the agent context via provider webhook callbacks (Step 6) and dynamic email template variables (Step 5).
- Boundary markers: The skill does not explicitly define delimiters or boundary markers for the external data it processes.
- Capability inventory: The generated code executes outbound network requests to third-party email APIs (Step 4, 5) and performs file/state writes for delivery tracking (Step 6).
- Sanitization: The skill mitigates risk by requiring 'webhook signature verification' and 'template variable validation' as mandatory steps in the workflow.
Audit Metadata