139mail
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests untrusted data from email bodies and headers without isolation markers while possessing network-capable tools.\n
- Ingestion points:
scripts/view_mail.pyandscripts/check_mail.pyfetch email content and metadata into the agent's context.\n - Boundary markers: The scripts do not use delimiters or provide instructions to the agent to ignore commands within the email content.\n
- Capability inventory: The skill includes functions to send emails (
scripts/send_mail.py) and modify account state (scripts/manage_mail.py), which could be abused via malicious instructions in an email.\n - Sanitization: No sanitization or filtering of the email content is performed before presentation to the agent.\n- [EXTERNAL_DOWNLOADS]: The skill requires a third-party Python library for core functionality.\n
- Evidence:
README.mdandSKILL.mdinstruct users to installimapclientviapip. This is a well-known library for IMAP operations.
Audit Metadata