mail-cli-usage
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructs the agent on how to build and execute local Rust code using 'cargo' within the 'services/cli/' directory as part of standard development workflows.
- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection from retrieved email content.
- Ingestion points: Untrusted content is ingested from external mail providers via 'emails read' and 'threads get' subcommands documented in 'SKILL.md'.
- Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions for the data retrieved from external sources.
- Capability inventory: The skill utilizes 'Bash(cargo:*)' in 'SKILL.md' to run the mail CLI and perform operations.
- Sanitization: No evidence of data sanitization or validation is presented in the usage documentation.
Audit Metadata