himalaya
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill enables email management through CLI commands using the himalaya utility.
- [EXTERNAL_DOWNLOADS]: The skill installs dependencies from Homebrew, a trusted package manager.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes external email data. * Ingestion points: 'himalaya message read' and 'himalaya envelope list' files. * Boundary markers: Not present. * Capability inventory: The skill can compose, send, move, and delete emails via himalaya CLI commands. * Sanitization: None provided by the skill scripts.
- [CREDENTIALS_UNSAFE]: While configuration examples include a raw password field (marked as not recommended), the skill primarily guides users toward secure storage via the 'pass' utility or system keyrings.
Audit Metadata