himalaya
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill facilitates the installation of the 'himalaya' binary using Homebrew (`brew install himalaya`). While the source organization (pimalaya) is not on the predefined trusted list, Homebrew is a standard, reputable package manager for this type of utility.
- [DATA_EXFILTRATION] (SAFE): The skill's primary purpose is email management, which involves reading and sending messages. The analysis found no evidence of unauthorized data transfer to third-party domains. All network operations are directed toward the user's configured IMAP/SMTP servers.
- [CREDENTIALS_UNSAFE] (SAFE): The configuration example correctly avoids hardcoding secrets, instead recommending the use of secure command-based password retrieval (e.g., `pass show email/imap`).
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The agent can ingest untrusted data through commands like `himalaya message read` and `himalaya envelope list`, which display content from external senders.
  - Boundary markers: Absent. The instructions do not provide explicit delimiters or warnings to the agent regarding the processing of untrusted email content.
  - Capability inventory: The agent has the ability to read, list, move, delete, and send emails.
  - Sanitization: None specified in the markdown instructions. As this is an inherent risk of email-processing skills, it is rated as LOW severity.