Skills
skills/schemavaults/send-email/list-email-templates/Gen Agent Trust Hub

list-email-templates

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses official packages (@schemavaults/send-email) and API endpoints belonging to the skill author (schemavaults).
  • [COMMAND_EXECUTION]: Instructs the agent to use CLI tools like bunx or npx to run vendor scripts and to create temporary TypeScript files for automation.
  • [PROMPT_INJECTION]: The skill processes data from an external API (GET /api/templates), representing a potential indirect prompt injection surface.
  • Ingestion points: Data retrieved from GET /api/templates (described in SKILL.md).
  • Boundary markers: None explicitly defined in the prompt instructions.
  • Capability inventory: Execution of shell commands via bunx/npx and execution of generated scripts via bun run.
  • Sanitization: None described for the incoming template descriptions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 12:29 PM