Skills
NYC
skills/spillwavesolutions/automating-mac-apps-plugin/automating-mail/Gen Agent Trust Hub

automating-mail

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted data from external sources (emails) which could contain malicious instructions.
  • Ingestion points: scripts/extract_emails_to_contacts.py (reads message.content and message.subject), scripts/search_and_archive.py (reads msg.content and msg.subject).
  • Boundary markers: None. The scripts do not use delimiters or instructions to ignore embedded commands in the email data.
  • Capability inventory: The skill can execute shell commands via osascript, write files (attachment-extraction.md), and modify sensitive databases (Contacts and Mail).
  • Sanitization: None detected. External content is used directly for logic (regex matching and search).
  • [Command Execution] (LOW): The skill uses osascript to interact with macOS system components.
  • Evidence: scripts/set_up_mail_automation.py and scripts/set_up_mail_automation.sh execute AppleScript strings to trigger permissions and list accounts.
  • [External Downloads] (LOW): The skill relies on the PyXA library, which is not in the predefined trusted sources list but is central to the skill's purpose.
  • Evidence: scripts/create_email.py, scripts/extract_emails_to_contacts.py, and scripts/search_and_archive.py all import PyXA.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:27 PM