Skills
skills/sundial-org/awesome-openclaw-skills/apple-mail/Gen Agent Trust Hub

apple-mail

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of local command execution to interact with the system.
  • Uses osascript to execute AppleScript for controlling Mail.app functionality (sending, reading, and managing messages).
  • Uses sqlite3 to query the local Apple Mail database (~/Library/Mail/V{9,10,11}/MailData/Envelope Index) for fast metadata retrieval.
  • Uses python3 for parsing email files (.emlx) and URL decoding.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data.
  • Ingestion points: Incoming emails read via mail-read.sh, mail-list.sh, and mail-read-emlx.py provide untrusted content to the agent.
  • Boundary markers: The output format does not include explicit delimiters or warnings to the agent to ignore instructions embedded within the email bodies.
  • Capability inventory: The skill provides significant 'write' capabilities, including mail-send.sh, mail-reply.sh, and mail-delete.sh.
  • Sanitization: Scripts include basic escaping for shell/AppleScript command construction, but there is no content filtering or sanitization to prevent an agent from obeying instructions found inside a processed email body.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 11:27 PM