agent-email-inbox
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the Tailscale installation script from its official domain (
https://tailscale.com/install.sh) to enable persistent tunneling for webhooks.\n- [COMMAND_EXECUTION]: Employssudocommands for the configuration of Tailscale services and the initiation of network funnels.\n- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from emails, creating an indirect prompt injection surface. It includes detailed guidance on sanitization and filtering to mitigate this risk.\n - Ingestion points: Webhook endpoint receiving email payloads (SKILL.md).\n
- Boundary markers: Recommends using delimiters or specific security logic in implementation.\n
- Capability inventory: Agent has access to process email content and send replies through the Resend SDK.\n
- Sanitization: Recommends stripping quoted reply threads and implementing content safety filters based on safety patterns.
Recommendations
- HIGH: Downloads and executes remote code from: https://tailscale.com/install.sh - DO NOT USE without thorough review
Audit Metadata