email-imap-fetch
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill retrieves email subjects and snippets from configured IMAP accounts and transmits them to a remote webhook endpoint. This creates a data flow that must be secured by the user to prevent unauthorized access to private email information.
- [PROMPT_INJECTION]: The ingestion of untrusted email data for snippet extraction represents an indirect prompt injection surface. Specially crafted emails could contain instructions that attempt to influence the agent's behavior.
- Ingestion points: Email content is fetched in 'scripts/imap_idle_fetch.py' via the 'fetch_unseen_messages' function.
- Boundary markers: The script uses markers like '<<<MAIL_REF_JSON>>>' to delineate structured metadata from the message body.
- Capability inventory: Network communication is performed using the built-in 'imaplib' and 'urllib.request' Python modules.
- Sanitization: The 'extract_snippet' function performs basic HTML tag removal and limits character count to reduce the risk of script or prompt injection.
Audit Metadata