agentmail
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with an external API endpoint (
api.theagentmail.net) and utilizes a vendor-specific Node.js library (@agentmail/sdk) to manage email operations.- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes content from external sources (emails). - Ingestion points: The agent retrieves the body of incoming emails using the
mail.messages.getfunction or the/v1/accounts/:id/messages/:msgIdAPI endpoint. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the provided documentation or code examples.
- Capability inventory: The agent can send emails to any address, create new email accounts, and configure webhooks, providing a significant surface for automated actions.
- Sanitization: There is no evidence of content sanitization or validation for the incoming email data before it is presented to the agent's context.
Audit Metadata