zoho-mail
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and processes untrusted data from external email messages.
  - Ingestion points: Email content, subjects, and headers retrieved via endpoints like /messages/view and /messages/{messageId}/content in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
  - Capability inventory: The skill is capable of sending emails, managing folders, and deleting messages.
  - Sanitization: No sanitization or filtering of retrieved email content is documented.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes examples of network operations to external Maton AI domains.
  - Evidence: The skill communicates with gateway.maton.ai, ctrl.maton.ai, and connect.maton.ai to facilitate OAuth connections and proxy API requests.
Audit Metadata