email-send
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it handles external data (email body and recipient) and possesses the capability to transmit this data over the network.
- Ingestion points: Data enters the system context through the email recipient and body parameters in the curl and Python command templates.
- Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded in the email content.
- Capability inventory: The skill has network access via
curland the Pythonsmtplibmodule for data transmission. - Sanitization: There is no sanitization or input validation performed on the user-provided data.
- [COMMAND_EXECUTION]: The skill uses
curlandpython3 -cto execute shell commands. This is the primary method for its email-sending functionality and is considered expected behavior for this skill's stated purpose.
Audit Metadata