email-imap-full-fetch
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves untrusted email content from an external IMAP server, creating a potential surface for Indirect Prompt Injection where malicious instructions in emails could hijack the agent's logic.
- Ingestion points: Email headers, text, and HTML bodies are fetched in 'scripts/imap_full_fetch.py'.
- Boundary markers: No specific delimiters or safety prompts are used to isolate the untrusted email content.
- Capability inventory: The script performs local file-write operations for saving emails and attachments but does not execute external code or make outbound HTTP requests with the email data.
- Sanitization: Filenames are sanitized for security, but the content of the email bodies is not filtered for malicious instructions.
Audit Metadata