himalaya
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Himalaya connects to arbitrary IMAP/SMTP servers configured in ~/.config/himalaya/config.toml (see references/configuration.md) and ingests user-generated email content via commands like "himalaya envelope list", "himalaya message read", and attachment download, so the agent would read untrusted third‑party messages that could contain injected instructions.
Audit Metadata