email-smtp-send
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard utility designed for its stated purpose with no malicious code detected. It handles SMTP credentials via environment variables and provides a sanitization mechanism in the 'check-config' command to avoid leaking passwords in the logs.\n- [PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection, which is assessed as safe given its intended functionality. \n
- Ingestion points: Data enters the system through command-line arguments for subject and body in scripts/smtp_send.py.\n
- Boundary markers: No delimiters or isolation instructions are present to separate user content from the operational logic.\n
- Capability inventory: The script is limited to performing network operations via the Python smtplib and ssl modules for email transmission.\n
- Sanitization: The skill does not perform sanitization of the email body or subject, which is standard behavior for a general-purpose mail transport tool.
Audit Metadata