imap-smtp-email
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external emails.
  - Ingestion points: The `scripts/imap.js` and `scripts/check-inbox.js` scripts fetch email subjects, bodies, and headers from remote IMAP servers.
  - Boundary markers: Absent. Email content is passed into the agent's context without delimiters and without an instruction to treat the text as data rather than as commands.
  - Capability inventory: The skill can send emails with attachments (`scripts/smtp.js`), read local files to use as attachments, and modify mailbox state (mark as read/unread). Combined with the ingestion points above, anyone who can send mail to the monitored inbox can attempt to direct the agent to read a local file and send it out.
  - Sanitization: Absent. No filtering or sanitization is applied to fetched email content before the agent processes it.
- [CREDENTIALS_UNSAFE]: The skill documentation and setup script (`setup.sh`) instruct the user to store plaintext email credentials (host, port, username, and password) in a local `.env` file. That file is readable by any process running as the same user and is easy to commit to version control by accident; at minimum, verify that it is excluded from version control and not readable by other users, and prefer an OS keychain or secret manager where the host provides one.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts to perform its functions. The scripts appear to be standard wrappers around the `imapflow` and `nodemailer` libraries, but they still give any agent that uses the skill a significant capability surface: outbound mail with arbitrary local files as attachments, plus mailbox modification.
Audit Metadata