skills/sendwithxmit/skills/transmit/Gen Agent Trust Hub

transmit

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): High vulnerability to Indirect Prompt Injection due to lack of input sanitization or boundary markers.
      • Ingestion points: Untrusted data enters the agent context through parameters such as 'subject', 'html', and 'variables' in the 'POST /email/send' endpoint, and 'metadata' in contact sync endpoints (found in SKILL.md and references/api-sending-guide.md).
      • Boundary markers: Absent. The instructions do not guide the agent to wrap external content in delimiters or ignore embedded commands within the email body.
      • Capability inventory: The skill possesses the capability to send data to external recipients via the Transmit REST API using shell-based curl commands (found in SKILL.md).
      • Sanitization: Absent. There is no evidence of filtering or validation for the content being passed to the email API.
  • [DATA_EXFILTRATION] (LOW): The skill provides an inherent channel for external communication. While this is the intended functionality, it facilitates data exfiltration if the agent is manipulated into sending sensitive information (like API keys or configuration) to an attacker-controlled email address.
  • [COMMAND_EXECUTION] (LOW): The skill relies on executing shell commands (curl) to interact with the Transmit API. While these are documented as standard operations, they represent a surface for potential command injection if parameters are not correctly escaped by the agent implementation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 12:17 AM