agentmail
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. * Ingestion points: Incoming email content is retrieved via the AgentMail API as shown in the
SKILL.mdcode snippets. * Boundary markers: There are no delimiters or 'ignore embedded instructions' markers present in the processing examples. * Capability inventory: The agent has the ability to send emails (mail.messages.send) and register webhooks. * Sanitization: No input validation or content filtering of incoming messages is implemented in the logic. - [DATA_EXFILTRATION]: External API Communication. The skill communicates with the vendor's infrastructure at
api.theagentmail.netto manage accounts and process email data. - [EXTERNAL_DOWNLOADS]: Vendor SDK Dependency. The skill references the vendor-owned Node.js package
@agentmail/sdkfor its functionality.
Audit Metadata