himalaya
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [External Downloads] (SAFE): The skill installs the himalaya CLI via Homebrew. This is a trusted package management system and the source repository is a well-known open-source project.
- [Command Execution] (LOW): The skill operates by executing himalaya shell commands. It supports the execution of local shell commands for password retrieval (e.g., via `pass`), which is a standard feature of the underlying tool.
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted email data.
  - Ingestion points: External email data is ingested via `himalaya message read` and `himalaya envelope list` commands.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between email content and system instructions.
  - Capability inventory: The skill can delete emails, send messages via `template send`, and download attachments.
  - Sanitization: No content sanitization or filtering of email bodies is performed before processing.
Audit Metadata