email-tools
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data when reading or listing emails, which presents a surface for indirect prompt injection where instructions within an email could attempt to manipulate the agent.
- Ingestion points: himalaya list and himalaya read in SKILL.md
- Boundary markers: Absent
- Capability inventory: himalaya send, himalaya reply, and shell command execution
- Sanitization: Not explicitly defined
- [COMMAND_EXECUTION]: The skill's primary operations are performed through the execution of shell commands, including tool installation and email management.
- [CREDENTIALS_UNSAFE]: Documentation provides examples for configuring email accounts, which involves placing sensitive app-passwords in configuration files or passing them as command-line arguments to curl.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the himalaya CLI client through trusted and well-known sources including Homebrew, Cargo, and GitHub releases.
Audit Metadata